+1-202-802-9399 (US)

New Zealand Cyber Security Strategy

Protect Privileged Account Passwords to Help Comply with the Updated New Zealand Cyber Security Strategy

What’s New

The refreshed New Zealand Cyber Security Strategy comes with an Action Plan and a National Plan to Address Cybercrime, which are added to the original four key principles. The new strategy was released in December 2015 and replaces the New Zealand Cyber Security Strategy from 2011.

Why It’s Important

According to the New Zealand National Cyber Security Centre and Australian Signals Directorate, an attacker’s priority target is the directory of privileged credentials, which can be accessed onsite or remotely, and allows an attacker to operate inside a network for months, if not years, undetected.

How We Solve It

Thycotic Privileged Account security solutions help you enforce your organization’s cyber security policies to protect privileged account passwords, demonstrate compliance with regulations, and establish least privilege access.

New Zealand Security Advisory calls for stronger control of Privileged Accounts.

The NZ National Cyber Security Centre (NCSC) released CSA-006-17, “Detecting the Misuse of Administrative Credentials,” and, with the Australian Signals Directorate, identified that:

  • For successful compromise of systems, an attacker’s priority target is the discovery of privileged credentials.
  • For sophisticated attacks, remote access using privileged credentials is the preferred method.

Using existing credentials helps an attacker obscure the attack and maintain an ongoing presence inside a network for months, if not years!

THE ADVISORY RECOMMENDS THE FOLLOWING PROTECTION MEASURES TO MITIGATE RISK

  1. Minimise administrative privileges
    Follow a Least Privilege Model by removing administrator and superuser privileges from users and enforcing application whitelisting. Together, these strategies will eliminate the potential for employees to unknowingly run ransomware. By preventing malicious software from getting the privileges required to run, organisations protect their systems and stop the malware in its tracks.
  2. Implement access controls around privileged accounts
    Privileged Accounts are the top target of any attacker seeking to gain access and move anywhere within a network. First, attackers gain a foothold in the network by any means possible, often by exploiting an end-user computer. They then work to elevate their privileges by compromising a privileged account, which allows them to operate on a network as if they were a trusted IT administrator. It is extremely important to control and monitor the use of privileged accounts within the organization by automatically discovering and taking control of new accounts to prevent attackers from opening back doors into a network.
  3. Fully appraise the risk from external access
    Organisations need to consider the risk whenever outsourcing or allowing external organisations to access their IT infrastructure. Organisations should ensure that these third parties maintain a level of cyber security practice that they would consider appropriate for their own information assets. The possibility of a third-party compromise and the effect that it would have on their own networks must be considered.
  4. Consider specific credential management solutions
    Implement a comprehensive privileged account management (PAM) solution with a trusted partner to help you control access to systems and sensitive data, comply with policies and regulations, and ultimately make your company safer. Look for software solutions that automate the identification and understanding of risk to your privileged accounts, along with continuous monitoring, recording, and secure storage.

Learn more on Cyber Security Advisory CSA-006-17 – Detecting the Misuse of Administrative Credentials.

Important implications for companies with European ties

The new EU GDPR replaces the European General Data Protection Directive from 1995 and provides the foundation for taking responsibility and being accountable when it comes to dealing with European citizens’ private data.

This means you are accountable and responsible for all the information you collect. The more information you gather, the more data you have to account for, and therefore the more data you are responsible for. If a data breach occurs and it is found that adequate security measures were not in place, there are significant penalties and fines: 20 million euros or 4% of annual turnover.

Learn more about the key impacts and consequences for your organization, and how to set expectations for EU GDPR changes affecting the collection or processing of European citizens’ private data, by downloading the resources we offer.

THYCOTIC’S SOLUTIONS

Thycotic Privileged Account Password Security Solutions help you prepare for breach attempts.

Privileged accounts are a preferred target of hackers, so Thycotic Secret Server and Privilege Manager software solutions help you enforce security policies for protecting privileged account passwords and establish least privilege access.
