Pro-Active vs. Reactive Security

February 15, 2022

In an ideal world, everyone’s data would be secure. Even though this is obviously not the case, there are clear actions an organisation can take to protect its most sensitive data from the risks of breach and attack.

Protection vs Post-Attack Recovery?

Some organisations opt for a reactive approach to certain aspects of their security. This means they can at least temporarily avoid the costs of a security solution in the hope that they won’t be a target for an attack. Unfortunately, this is not a sensible approach. Organisations should be considering a breach as inevitable rather than assuming invincibility, but with budget and resource constraints it’s easy to postpone decisions around costly security projects.

Given that the average cost of a data breach in 2021 was $4.24 million, postponing security projects sounds like a risky game… A preventative approach, on the other hand, can be executed in a scalable way, developing as the business grows to align with a security road map.

2022_02_pam_blog-image (2)

Prioritising the Riskiest Accounts

On a tighter budget, it’s useful to prioritise certain aspects of security. Often the most sensitive data or systems are only accessible via certain accounts with elevated access rights. It’s therefore these accounts which must be secured and monitored as a priority to mitigate the risk of privilege escalation attacks (where the threat actor gains access to accounts with higher access rights than the one initially compromised).

In a 2021 survey, only 10.6% of respondents said they implemented Privileged Access Management everywhere, and a worrying 40.7% admitted to not using PAM at all. With little to no visibility of privileged user activity and access rights, IT teams will lose track of who has access to what.

An analysis on cyber-criminal activity has shown a 935% increase in double-extortion ransomware attacks since 2020. This is where the attacker exfiltrates data, encrypts it, threatens public release, and often publishes the data regardless of whether the organisation has paid the ransom or not. Although there are multiple ways for an attack like this to be executed, securing accounts with the most access is one way to limit costs and damage.

2022_02_pam_blog-image (1)

What is Privileged Access Management?

Using the hotel analogy, a guest has a key that grants them access to their room only. But staff, such as cleaners, will hold a master key that grants them access to all the rooms to make their job quick and easy. However, if the master key gets into the wrong hands, that individual will have access to all the rooms in the hotel, which poses a massive risk. In the same way, privileged accounts in IT systems are often responsible for breaches because substantial damage can be done in the wrong hands.

Privileged Access Management (PAM) ensures the protection and monitoring of the accounts that hold the “master key” to the most sensitive data and systems. This involves:

  • Securing privileged credentials using encryption and automating manual tasks such as password creation and vaulting,
  • Ensuring compliance with audit, reporting and analysis features,
  • Automating security responses using behaviour analytics to avoid irreparable damage,
  • And a multitude of other features for security and user experience.

Implementing Privileged Access Management is a critical step in every organisation’s security road map. Used in synergy with other Identity and Access Management solutions such as Identity Governance, PAM fortifies your organisation’s security posture so that you can sleep at night without the worry of a $4 million data breach.

To learn more about Privileged Access Management, you can download our white paper.

Download PAM white paper