January 07, 2020//Tony HowlettLast Updated: November 19, 2020
You’ve probably already taken the time to reflect on the past year and make resolutions for how you can be and do better. Instead of your typical resolutions (like limiting your sugar intake or biting your nails) we’re going to talk about how we can position ourselves, and our companies, in the best way possible when it comes to cybersecurity. Throughout all of 2019, data breaches never seemed to let up and privileged accounts have never been more at risk.
Now that 2020 is here, it’s time to make sure that both you and your organization are ready to combat anything that could come your way. In order to best protect your organization, it’s important to know what threats may be coming your way.
As data breaches within corporations continue to rise, the expenses to recover from them are escalating at an alarming rate. According to a study by the Ponemon Institute and IBM, the average cost of a data breach is $3.92 million, which is up 6.4% compared to the previous year. And it’s even worse is if there’s a third-party or vendor that’s related to the data breach. With third-party breaches, there can be additional costs beyond the usual financial, regulatory, and reputational damages that an internally caused data breach can bring. These damages can combine to make third-party breaches far more expensive than one where a third-party isn’t involved.
While we all know the upsides of having vendors (like increased efficiency and lower staffing and capital expenses), it’s also important to realize there are possible downsides of allowing vendors onto your network. A solid vendor risk management program, backed up by technology, policies, and procedures is the best protection. Add to that robust review and audit processes that can catch any vendor-related problems before they become data breaches and you should be able to sleep better at night, at least when it comes to third-party risk. Resolve to leave any and all vendor-related security risks in 2019.
Privileged Access Management (PAM) is a newer technology within the Identity and Access Management (IAM) space that focuses on applying additional controls and protections on accounts with privileged or administrative rights. It’s one of the fastest-growing segments of cybersecurity technology and is a combination of tools and technologies used to secure, control, and monitor access to an organization’s critical information and resources via privileged accounts. Subcategories of PAM include privileged password management, privileged session management, vendor privileged access management, and application access management.
Vendor privileged access management (VPAM) is a type of PAM that focuses on high-level external threats that come from an organization’s reliance on external partners (vendors or third parties) to support, maintain, or troubleshoot certain technologies and systems inside their corporate network. Representatives from these vendors require privileged remote network access to complete their tasks, thus posing a unique threat to overall IT management, security, and compliance if not properly managed.
Though it may seem obvious, it’s important to remember that data breaches and privileged accounts aren’t mutually exclusive. In fact, according to a report by IBM, 74% of data breaches involved a privileged account. For hackers to get into highly sensitive databases and systems that contain valuable information they can sell or put up for ransom, they really need high-level access. If they can’t get it, or their use of a privileged account is flagged, the attack can be stopped in its tracks, or at least limited in the damage it can do. 2020 is the year to invest in both PAM and VPAM to make sure that all of your privileged accounts, both internal and external are safe.
Make 2020 your best year yet by making sure you follow your cybersecurity resolutions:
To learn more about how to protect your organization from top threats, check out our helpful infographic that outlines how to best manage employee and third-party vendor remote access threats.