The Lockdown

Thycotic’s Cyber Security Blog

Privileged Access Management 2019: A Year in Review

Written by Joseph Carson

November 19th, 2019

Another year has passed, and cyber attacks did not take a vacation or enjoy any time off. Cyber attacks wreak havoc on businesses 24/7. And cyber threats constantly increase and evolve, so organizations must adapt to become resilient to the newest threats.

Not all successful cyber attacks are sophisticated

This year confirmed that not all cyber attacks are sophisticated, and they don’t always come from nation states. Most cyber attacks use the cheapest technique requiring the least time and resources to get the task done. One of the goals is to remain hidden for as long as possible in order to carry out financial fraud.

Privileged Accounts and Identities are still a top target for Cyber Criminals

Cyber criminals don’t want to get caught. They want to stay hidden for as long as possible, carrying out malicious acts that are often disguised as the activity of a legitimate employee or contractor.  Once the cyber criminal has one foot in the door it’s not long before they move laterally or elevate privileges to those of an administrator. This enables them to roam the network gaining access to sensitive information and stealing as much data as possible. They can also poison records, deploy remote access tools, or perform financial fraud. It is privileged accounts that allow cyber criminals or malicious insiders to stay hidden for long periods, continuously deleting audit logs and abusing privileged access.

This year identity theft was taken to a new level with Deepfakes. Deepfakes—convincingly replacing someone’s image and/or voice in a video or image with that of someone else—are becoming one of the biggest threats to global stability. This technique amplifies fake news and expands overall cyber risks. Deepfakes are becoming so realistic that they’re increasingly difficult to detect. See deepfakes in action here. They concern me, though not yet to the point of keeping me awake at night.

The only cyber threats that keep me up at night are the ones that threaten human life.

Deepfakes make almost any digital audio or video online questionable in authenticity, and can be used to take not only the online identity of a victim but also the sound and appearance. Identity theft has now entered a new phase: an attacker can steal more than your online credentials—they can steal “you”, and even simulate your behavior.

The 14th Edition of the Global Risks Report 2019

The year started off with the World Economic Forum releasing the 14th edition of the Global Risks Report 2019 (PDF), which showed that governments around the world are still taking cyber attacks seriously—ranking them as the fourth greatest risk and impact to world economies and stability. As a result, many governments have increased investments in both defensive and offensive cyber security capabilities. They’ve also imposed strict regulations and enforcement on organizations whose failure to implement adequate security practices results in data breaches.

The Principle of Least Privilege Cyber Security and PAM

Least privilege cyber security is top of mind for CISOs around the world. One of the big reasons, of course, is that 80 percent of breaches today involve the compromise of IT and business user credentials, including IDs and passwords. To combat the exploitation of compromised accounts, organizations are increasingly recognizing how important it is to secure and protect privileged access across the enterprise, for super users, business users, services, applications, data and systems.

Listen to Joseph Carson describing least privilege to Lepide’s Aidan Simister using a simple analogy:

The concept of least privilege cyber security has come to the forefront because it offers a means to proactively ensure that when credentials are hacked or abused (and we should assume they will be sooner or later), privileges are restricted or limited so that any exploitation can be quickly recognized and contained. This is particularly important when securing hundreds or even thousands of vulnerable endpoints.  However, restricting privileged access poses significant challenges that must be, and can be, addressed.

To help organizations understand the principles of least privilege and how to successfully implement a least privilege strategy, I’ve authored an eBook published by Thycotic: Least Privilege Cybersecurity for Dummies.

Incident Response Plan and Readiness is a 2019 TOP PRIORITY

In many 2019 data breaches we witnessed both poor incident response and good incident response. Your organization’s response to a data breach makes the difference between whether you experience a simple cyber incident or a cyber catastrophe.

Organizations that experience a cyber attack or data breach can see their stock value plummet, with losses between 4.8% and 15%. But the stock value can quickly recover, sometimes within days, depending on how well they respond to the incident. There may even be a positive impact on the stock value due to the customer confidence that results from the company demonstrating a solid incident response plan. Companies that did not demonstrate solid incident response continue to struggle, with data breach costs increasing and major fines looming.

Have a solid incident response plan ready. Download Thycotic’s customizable Incident Response Template

Thycotic’s free incident response plan template is designed to prevent a cyber breach from becoming a cyber catastrophe. It helps IT operations, security and incident response teams form a united front against an attack by coordinating actions and maintaining business continuity.

In the template you’ll find a checklist of roles and responsibilities to include in your cyber incident response plan, and actionable steps to measure the extent of an incident, and contain it before it damages critical systems.

You can customize your template to match your incident response policies, regulatory requirements and organizational structure.

Gartner announced Peer INSIGHTS Customer Choice for PAM

In March 2019 Gartner announced the Peer Insights Customers’ Choice for Privileged Access Management. Gartner defines privileged access management (PAM) as “tools which help organizations provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring privileged accounts and access.” The Gartner Peer Insights Customers’ Choice distinction is based on feedback and ratings from end-user professionals who have experience purchasing, implementing and/or using PAM products and services.

Review more of Gartner’s Peer Insight Data here. 

About Peer Insights: Peer Insights is an online platform of ratings and reviews of IT software and services that are written and read by IT professionals and technology decision-makers. The goal is to help IT leaders make more insightful purchase decisions and help technology providers improve their products by receiving objective, unbiased feedback from their customers. Gartner Peer Insights includes more than 70,000 verified reviews in more than 200 markets. For more information, please visit www.gartner.com/reviews/home

In 2019 PAM was all about Securing Privileged Access, but where did it all start?

In 2019 PAM became about securing privileged access. Previously it was commonly known as privileged account management, and long before that it was password management. Privileged access management is the most up-to-date “version” of PAM. PAM is no longer just about securing privileged accounts within an enterprise vault. Now it’s about the secure usage of privileged accounts and secure access to privileged data. Enterprise password management and privileged account management have now become features within privileged access management.

To learn more about the evolution of privileged access management, check out one of our top blogs:
The Evolution from Password Managers to Privileged Access Management. Which is right for you?

New 2019 KuppingerCole Leadership Compass released for Privileged Access Management

KuppingerCole is Europe’s leading analyst on the topic of Information Security in the era of Digital Transformation. Each year they release the Leadership Compass which is a tool that provides an overview of a particular IT market segment and identifies the leaders in that segment. It is the compass that points decision makers in the direction to help them identify the best vendors and products for their projects.

To see how Thycotic compares as a PAM leader, download your complimentary copy of the March 2019 KuppingerCole “Leadership Compass” report.

Gartner Top 10 Security Projects for 2019

Every year Gartner has recommended that security and risk management leaders implement these 10 security projects to address the changing needs of cyber security and effectively reduce risk. For the past two years Gartner has ranked privileged access management the TOP security priority for CISOs.

Gartner’s TOP 10 Security Projects for 2019 were:

  1. Privileged access management (PAM)
  2. CARTA-inspired vulnerability management
  3. Detection and response
  4. Cloud access security broker (CASB)
  5. Cloud security posture management (CSPM)
  6. Business email compromise
  7. Dark data discovery
  8. Security incident report
  9. Container security
  10. Security rating services (SRS)
Why is privileged account management the number one project according to Gartner?

It’s important to understand why privileged access management continues to be the top security project—here’s my shortlist of reasons.

  1. PAM does more than IMPROVE SECURITY: IT SAVES MONEY
  2. PAM is a POSITIVE SECURITY EXPERIENCE and EMPOWERS EMPLOYEES
  3. PAM is a FAST TRACK TO COMPLIANCE
  4. PAM helps you RECOVER QUICKLY FROM CYBER-ATTACKS
  5. PAM is a POWERFUL SECURITY SOLUTION that makes a cyber criminal’s job more difficult

More info on why PAM is a TOP CISO Priority.

The 2019 Verizon Data Breach Investigations Report Key Takeaways  

Not surprisingly, the 12th edition of Verizon’s Report reveals that cyber criminals are still successfully using their hacking techniques—many of which are very common—and that we have failed to stop them. However, we are getting better at stopping them. Password reuse still gives cyber criminals access to sensitive information. 

More than 40K security incidents, and over 2K confirmed breaches

Based on an analysis of more than 40,000 security incidents (including 2,013 confirmed data breaches), the Verizon Data Breach Investigations Report reveals that cyber crime has a far-reaching impact and leads to increased costs for businesses globally. While this number is lower than last year’s 53K analyzed incidents, the actual cost of cyber security is getting greater each year.

Cyber criminals still use the most common techniques because they’re affordable and effective

Check out my TOP TAKEAWAYS from the 2019 Verizon Data Breach Investigations Report

Zero TRUST and PAM Join Forces

The concept of Zero Trust security isn’t new; the term was coined by Forrester back in 2010 and was initially synonymous with a network security approach known as micro-segmentation: a way to create secure zones in data centers and cloud deployments that allow you to isolate workloads and protect them individually.

Today, trust is being abused by cyber criminals targeting unsuspecting employees’ personal accounts to gain access, later elevating to privileged accounts that can move around corporate networks undetected, potentially roaming around the network for months or even longer. Once attackers gain access to the internal network they typically have access to the entire network as everything inside the network is automatically trusted. This is why the Zero Trust security model was introduced—to address a new stance on trust: never trust and always verify.

ZERO Trust trended in 2019 to become an important strategy to help reduce the risks from cyber attacks.

Zero Trust has an important role in improving security and reducing business risk, but it’s only an initial step in this process

Take a look at Thycotic’s take on how ZERO TRUST and PAM coexist.

Communication is the CISO’s path to success, and PAM can help 

Chief Information Security Officers (CISOs) shoulder immense responsibility. They’re responsible for their company’s cyber security posture, and at the same time, the security decisions they make impact core business metrics such as productivity, cost savings, revenue growth, and brand perception.

Today’s CISO must perform a balancing act. They are both “enforcers” of cyber security rules and regulations, and “enablers,” working to build a cyber security culture that contributes to business objectives. In this pivotal role the CISO must have strong technical skills, but must also be an assertive internal leader.

CISO Talks: Getting the Board to Understand Cyber Security with Joseph Carson and Danny Murphy:

If they’re lucky, CISOs may be invited to present to the board, but they’re not always considered a true member of the leadership team. Only half of the organizations surveyed in Thycotic’s report have a CISO position on their executive boards. CISOs and security teams have to work to gain the ear of business decision-makers, and it’s not always easy.

Most executives aren’t technical experts and don’t have a cyber security background. They may have misconceptions about cyber security that impede their ability to understand what it takes to protect an organization in today’s environment. They may also feel intimidated by the intricacies of cyber security requirements or industry jargon and avoid engaging with the details.

Finally, download Thycotic’s “Cyber Security Team’s Guide to Success“—a global survey report on cyber security executive insights—and discover how CISOs set key metrics, manage business alignment and improve leadership skills.


Joseph Carson

Joseph Carson has over 25 years' experience in enterprise security, is the author of "Privileged Account Management for Dummies" and "Cybersecurity for Dummies", and is a cyber security professional and ethical hacker. Joseph is a cyber security advisor to several governments, critical infrastructure, financial and transportation industries, speaking at conferences globally. Joseph serves as the Chief Security Scientist at Thycotic.