Poor privileged account practices leaving you vulnerable? Read on!
This year’s Privileged Access Threat Report 2018 provides you insights on how poor privileged account management practices followed by organizations highlight a dying need to implement an organization-wide Privileged Identity and Access Management strategy.
The WannaCry ransomware attack in May 2017 crippled the UK’s NHS and disrupted a range of organizations across 150 countries. WannaCry was successful in making such a huge impact due to preventable vulnerabilities that had gone unaddressed. In addition to WannaCry,there were many more attacks including breaches at Uber and Equifax.
Even after this, the scale and sophistication of these cyber-attacks isn’t slowing down – ranging from phishing scams to cryptocurrency-based cyber-attacks, to statesponsored attacks on industrial control systems.
These attacks present a challenge that organizations cannot afford to be complacent in the face of cyber threats. We’re living in a age when cyberattacks are like a matter of when, not if, and what security professionals must focus on mitigating the risk, extent and damage.
IT administrators and third-party vendors need privileged access to do their jobs effectively, but the number of privileged users and accounts is growing exponentially and access to systems and data is often being granted in an uncontrolled way. In the face of growing threats, together with the introduction of stricter compliance standards,including the EU GDPR, the need to address and implement an organization-wide strategy to manage and control privileged access has never been greater.
Recently Bomgar did an extensive survey to 1021 of key decision makers who have visibility over the processes associated with enabling internal users and external parties to connect to their systems.
The survey sample size consisted of IT professionals across operations, IT support/helpdesk, IT security, compliance and risk or network/general IT roles. Respondents were from a range of industries, including manufacturing, finance, professional services, retail, healthcare, telecom and the public sector. The survey was conducted across the United Kingdom, the United States, Germany and France.
They found that breaches linked to the misuse of insider (62%) or third-party (66%) privileged credentials, it’s clear that although organizations understand the risks, they aren’t successfully addressing how they manage privileged credentials to protect their critical assets and systems.
Despite knowing that cyber-attacks are increasing day-by-day, organizations are leaving large parts of their IT Security to trust.Without having a tool or a resource which can monitor and manage privileged access, it may be difficult to detect and prevent security breaches.
The most trusting sector is financial services, where 46% of organizations say they completely trust insiders and 41% completely trust third party vendors. These results are higher than in any other sector.
Financial services organizations are the most likely to have experienced an insider or third-party breach in the last year.
If you notice the above picture,organizations in the financial sector are the most exposed to the threat of insider or third-party breaches, with 65% saying they have possibly or definitely suffered an insider-related breach in the last year and 72% possibly or definitely suffering a breach linked to a third-party identity. These numbers were lower in all other sectors: healthcare (61% and 63%), manufacturing (56% and 63%) and the public sector (51% and 47%).
While insiders and third-party identities each come with unique sets of behaviors and associated risks, solutions are available to manage and control the combined threat they pose. Survey shows organizations are addressing this threat in one of three ways:
The results show that 1 in every 10 organizations has no control over privileged identities at all, while almost half are controlling them manually, with no dedicated system in place. This not only consumes organizations valuable time and resources, but also leaves the majority of respondents wide open to cyber-attacks.
As we see in above picture, 75% of organizations increasing the number of vendors accessing their IT systems by up to or more than 20% in the last year. In addition, only 38% are very confident they can keep track of the number of vendors with privileged identities and access, and only 35% are very confident they can keep track of vendor log-ins. The statistics demonstrate that monitoring the number of third-parties with some level of access to IT networks is becoming more challenging, increasing the risk of a breach.
If you look at the below image, less than half (44%) of organizations using PIM/PIM have experienced a serious breach or expect to in the next six months, compared to 69% of those without control of their privileged users. Organizations are either very or fairly concerned about insider credentials being used for malicious purposes, whether intentionally (68%) or through phishing (67%) –again, highest than in any other sector.
Security professionals are aware that a breach is only a matter of time, with 50% of respondents having already suffered a serious breach or expecting to experience one within the next six months (up from 42% last year).
62% think its possible or definite they have suffered a breach through insider action.
66% think its possible or definite they have suffered a breach through third-party access.
65% of the respondents said they lack complete visibility which means only 35% have complete visibility of which insiders have privileged access. Only 37% have reporting on individual user activity tied to privileged insider accounts. At the same time only 34% can identify specific threats from insiders with privileged access. Almost 50% use manual processes to control privileged identities. While Only 38% are very confident they can track vendors with privileged access to their systems.
This research report shows that still crucial issues remain when it comes to the ways organizations manage privileged insider and third-party access to their systems. Risks posed by compromised or misused privileged identities and access continue to increase as cyber-attacks evolve and compliance mandates intensify. Although data breaches are inevitable, security and IT professionals need to implement controls and least privilege policies to contain attacks and mitigate damages.
Download Privileged Access Threat Report 2018 for free for more interesting facts and numbers.