By Karl Lankford,
Director of Solutions Engineering, BeyondTrust
The world is an uncertain place, particularly for cybersecurity professionals – many of whom have learned the hard way that they can’t rest on their laurels. While new technologies and methods of attack are always emerging, threats are constantly attacking organisations from both outside and in. In an age where a cybersecurity incident is both imminent and expected, IT professionals need to know what to look out for and, crucially, how to best prepare for a security event.
The threat from within
When you hear the phrase ‘cyber threat’, it’s natural to imagine a nefarious outsider carrying out an external attack. Yet, the reality is that compromised access from employees is one of the biggest risks facing businesses right now.
In the UK, poor security hygiene by employees continues to be a challenge for most organisations. According to the 2019 Privileged Access Threat Report, staff sending files to personal email accounts, for example, was cited as an issue by 64% of UK IT professionals, while colleagues telling each other passwords was a concern for 65%. The report also highlighted that over a third (35%) are worried about unintended data loss when employees use unsecured devices, and while 72% of IT professionals agree that their businesses would be more secure if they restricted employee device access, this isn’t usually realistic or a viable solution, let alone conducive to productivity.
Both internal employees and third-party vendors need privileged access to be able to do their jobs effectively, but require this access granted in a way that doesn’t compromise security or impede productivity. In the face of growing threats, there has never been a greater need to implement organisation-wide strategies and solutions to manage and control privileged access in a way that fits the needs of the user.
Continual employee education around best practices is vital, but privileged access management (PAM) tools can also help, especially since many of the insecure employee behaviours are easily preventable with the right password security solutions.
What’s driving policy: internal problems or external factors?
With GDPR coming into effect last year, it’s unsurprising that last year’s report found that compliance was one of the biggest drivers of cybersecurity strategies, however this year’s survey has found that high profile security breaches is the leading driver. Almost half (43%) say that high-profile security breaches outside of their business, are having a significant effect on the way they’re governing employee access, while GDPR compliancy is taking a backseat as third most important (41%). Meanwhile, 42% cite concern of unintended data loss from unsecured data devices as driving their policies on employee network access.
The report also found that the risks associated with the Internet of Things (IoT) posed a big concern for the professionals surveyed, with 61% of UK businesses citing that IoT devices pose a threat to security. Despite this, a majority (80%) are confident they know how many IoT devices are accessing their systems, and 81% are confident they know how many individual logins can be attributed to these devices. At the same time, 41% of security decision makers perceive at least a moderate risk from Bring Your Own Device (BYOD) policies.
More vendors, more exposure, less confidence
Many IT teams struggle enough in managing identities and privileged access within their organisation. However, IT security professionals must also control vendor access.
As the vendor ecosystem grows, the threat landscape evolves and users should be granted specific role-based privileges. Organisations need to accept that the way to mitigate risks is by managing privileged accounts through integrated technology and automated processes that not only save time, but also provide visibility across the environment. By implementing cybersecurity policies and solutions that also speed business efficiency, versus putting roadblocks in users’ way, organisations can begin to tackle the privileged access problem.
Ideally, a business’ own security best practices should also be extended to the vendors it works with. 46% of UK organisations say they have more than 100 vendors logging in regularly, highlighting the sheer scope of risk exposure, with 83% admitting they trust third party vendors accessing their networks, a slight increase to last year’s report. Trust in employee privileged access was cited at 87% however, a decrease of trust from last year which was 91%.
In an age where data breaches have immense financial and reputational implications for businesses, it’s a stark reminder that UK organisations need to do more to assess the level of trust they place in their third-party vendors.
How to combat cyber threats
So, what strategies are IT leaders implementing to address the diverse array of privileged access challenges, and what has been effective? The report did show that some organisations are managing these risks with a PAM solution. From the research, these same organisations experience less severe security breaches and have better visibility and control than those who use manual solutions or no solution at all. In fact, 90% of UK organisations with fully integrated PAM tools are confident they can identify specific threats from employees with privileged access.
The next big issues in cybersecurity threat management
Although the level of perceived threat has remained fairly consistent for both insiders and vendors, the threat landscape itself continues to evolve with a number of emerging threats that need to be considered. New technologies and platforms often introduce new risks. Artificial intelligence (AI), for example, promises many benefits but there are still many assumptions made about what the actual outcomes look like for organisations.
As we approach the next decade, issues around employee and vendor access are not going away. As long as businesses have data and IT assets to protect, new threats will continue to emerge. Yet, as 2019’s report has made clear, it is possible to improve the visibility of threats and increase the confidence over an IT environment’s security. With an appropriate number of well-integrated PAM solutions, businesses can gain greater visibility and control of privileged insiders and third-party vendors, and all without disrupting productivity. A PAM solution implemented with the user experience in mind, can enable the automated management of privileged access and remote access, while minimising the vulnerabilities caused by employees and vendors. Combined with continual education and intelligent device management, this gives organisations control and visibility of their privileged access, helping them to protect critical data and systems.