Technology research firm Gartner, Inc. recently released a post entitled “Top 10 Security Projects for 2018.” This post covered statements by Gartner Vice President and Analyst Neil MacDonald during the 2018 Gartner Security and Risk Management Summit. MacDonald’s speech aimed to help new chief information security officers (CISOs) prioritize their cybersecurity objectives effectively.
The number one cybersecurity priority, according to Gartner? Privileged Account Management.
We here at Solutions Review have written time and time again of the importance of securing privileged accounts from external and internal threat actors, as privileged users’ access can cause even more damage if it falls into the wrong hands or is otherwise misused. Over 80% of all breaches begin with weak or stolen privileged credentials, according to recent studies.
Gartner recommends that CISOs who prioritize privileged account management monitor those accounts for unusual behaviors, work to keep their credentials out of unwanted hands, and institute multifactor authentication (MFA) for all administrators and third parties.
Additionally, Gartner recommends taking a risk-based approach before implementing privileged account management changes. For our own part, we at Solutions Review recommend that you also practice role management and the principle of least privilege in your privileged account management.
Permissions, even for privileged users, should never be uniform. They should instead be determined by what users need to accomplish their roles in your enterprise, with nothing more given unless absolutely necessary. Those permissions, in turn, should be monitored and revoked if determined to be superfluous; this will minimize the damage a single misused privileged account can wreak on your network.
Gartner’s other top security projects include anti-phishing, application control on server workloads, detection and response, and automated security scanning.
According to Gartner, how you prioritize is just as important to cybersecurity success as what you prioritize: privileged account management and other cybersecurity projects are ongoing projects rather than initiatives with definitive victory conditions.
In his statements, MacDonald said: “Focus on projects that reduce the most amount of risk and have the largest business impact…These are projects, not programs, with real supporting technologies.”
Yes, cybersecurity remains as always a marathon, not a sprint, and it can be a daunting journey. However, the benefits always outweigh the risks. It’s the right time to put on your running shoes and start taking on these security projects for your enterprise.