Since the news of Equifax’s historic data breach broke in September, countless articles have examined the company’s missteps and what could have been done differently to prevent the attack, or at least minimize the damage. While Equifax is certainly in the security media’s current crosshairs, it’s far from the only organization grappling with the fallout of a high-profile data breach. Yet despite the frequency with which these events occur, many companies and individuals alike continue to display a shocking apathy in the face of security threats.
For example, while administrator, or privileged, accounts are frequently targeted by hackers, many organizations have not taken the basic steps to shore up privileged access security. Bomgar’s CEO Matt Dircks elaborated on why privileged access is such an attractive target for hackers in a recent ITBusinessEdge article: “These users are targeted by the threat actor because they are likely to have access to other privileged credentials that the hacker can leverage to increase dwell time and compromise their target.”
This was the case with the Deloitte breach which, though it came to light in late September, originated in 2016. All administrator accounts and the company’s entire internal email system were compromised, and the damage went undetected for quite some time. Speaking to InformationSecurityBuzz at the time, Matt said: “It’s critical that all privileged accounts be secured via multi-factor authentication and strong credential management policies, including frequent rotation of privileged credentials. In addition, companies must employ technology that controls, facilitates, and monitors access to privileged systems and data which can aid significantly in detecting intrusion before serious damages occur.”
Productivity concerns are a key reason many companies are hesitant to invest in new security solutions. After all, if technology impedes workflow, adoption will be low and employees, vendors and other external parties might embrace a workaround that in turn introduces new security vulnerabilities into the organization. These fears are certainly valid, but the reality is that many solutions on the market today enable organizations to address security concerns while simultaneously fostering greater productivity.
As Sam Elliott, our director of security product management, put it in a recent ICMI article: “When implemented securely, privileged credentials can make privileged users’ jobs easier. For example, a privileged access management solution can provide a vendor with immediate access to the systems they need without requiring them to log into a VPN. This eliminates giving the vendor unfettered VPN access to the entire network while making it faster for him/her to complete the job.”
The ongoing fallout from the Equifax attack underscores just how critical it is for organizations to make security a top priority. As companies finalize plans and budgets ahead of the new year, now is an opportune time to invest in solutions to combat the numerous risks facing companies today. If more organizations are diligent about protecting against security threats while also ensuring productivity, perhaps breaches won’t feature quite so prominently in 2018’s headlines