Quick—how many individual data records have been stolen from enterprises in just the past 3 years?
Chances are you don’t know the exact number. Given how many data breaches occur every year, it can be a challenge to keep track of them all. According to identity and access management and privileged access management solution provider Identity Automation, last year alone the number of records stolen totaled 174.4 million. Further, their findings can’t account for the data breaches that go unreported—the actual number might be even higher!
Why are so many enterprises’ digital records in such jeopardy? The reason may lie in a finding from Forrester Research: 80% of security breaches involve stolen privileged access credentials. According to Identity Automation, privileged access credentials can grant your enterprise’s IT admins the ability to log into servers, switches, routers throughout your IT environment and to perform tasks without restriction. But by the same token, hackers who obtain those credentials can do the same.
Traditionally, privileged access credentials fell into several broad categories. However, Identity Automation contends that this traditional understanding doesn’t encompass a wide range of privileges, nor does fit with the current cybersecurity paradigm. Instead, the status of “privileged access credentials” should apply to any user with access to data that could be monetized (SSNs, credit cards, intellectual property, and personal health information) or that could cause reputational damage.
Your enterprise should be adopting a zero-trust mindset and should be on the lookout for unexpected privileged identity attack vectors, including:
- Social Media
- Marketing Automation and Customer Relationship Management Software
- Help Desk and Ticket Management
- Websites and Customers Portals
- Collaboration and Project Software
While each has its own potential issues—emails, in particular, aren’t nearly as confidential as we’d like to believe—a commonality between them is that they tend to favor frictionless user experiences. This often leads to compromised security protocols and thus compromised privileged access credentials.
Identity Automation also explores in detail the consequences of stolen privileged access credentials, including:
- Reputational Damage (which can cost enterprises as much as $4 million)
- Compliance and Regulatory Fines
- Stolen IP (which can account for more than 80% of your company’s value)
- Executive Job Loss
- Other Costs
To help your enterprise avoid these dire consequences, Identity Automation recommends some essential best practices for securing your privileged access credentials, including:
- Implementing time-and-location based access controls (Tom from Accounting generally shouldn’t be trying to log-in from Cambodia at 3 am).
- Embracing the principle of least privileges (giving employees only as many entitlements as they need to perform their day-to-day roles).
- Streamlining entitlement requests to supplement the zero-trust model.
- Improving your password policies to facilitate “passphrases.”
- Implementing multifactor authentication.
Above all, Identity Automation states that you should prioritize your credentials by evaluating what exactly each has access to and treating all of them as privileged. Give your IT security team control over the designation so that the end-user can’t give themselves undue convenience and therefore jeopardize your digital assets.
If your enterprise is interested in privileged access management in the modern IT environment, you should check out the “Why Your Organization Should Treat Every Account as Privileged” free e-book courtesy of Identity Automation.
Latest posts by Ben Canner (see all)
- Top Ten Books for Identity Management Professionals - September 16, 2020
- Is The Digital Perimeter Really Disappearing? Rethinking the IT Borders - September 14, 2020
- Why Machine Identity Management Matters Now More Than Ever - September 10, 2020