NEW: Microsoft Vulnerabilities Report 2022 - Read the Findings of Our Annual Report Read Now

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

A coffee with Graham Cluley

October 20, 2017

  • Blog
  • Archive

Organizations, security professionals and vendors are in a constant battle to keep up with an evolving environment of advanced threats and malware strains. It seems as soon as we catch up with the cyber criminals, they shift up a gear. At the recent Gartner Security and Risk Management Summit in London, Avecto grabbed a coffee with the renowned security blogger and independent analyst, Graham Cluley, to take a pulse check of enterprise security.

What do you believe are the biggest threats and challenges for organizations when it comes to IT security?

"I think the security threat which is most likely to be stopping members of the board from getting a good night's sleep is the risk of attackers breaching systems and stealing your data.

"Whether the stolen data is intellectual property, an email archive, or a database containing sensitive information about clients, the damage that can be done may not only tarnish the reputation of your organization (and prevent others from wanting to do business with you), but potentially result in the rolling of heads at the very top of the firm.

"Damaging data breaches can happen for a number of reasons - such as poorly configured security, rogue employees, or a failing of best practices such as strong encryption of data.

"But a common starting point for many breaches is malware, increasingly focussed on specific individuals inside your company in the form of a targeted attack. And with over 400,000 new samples of malware being seen every day you can't expect a single layer of anti-virus to prevent them all.

"The challenge, therefore, is to build a defense in depth approach, which allows your staff to continue to work effectively and successfully, while providing them with a strong defense against a seemingly ever-increasing barrage of attacks."

Where do companies start, what are the key things organizations can do to improve their security posture?

"My first recommendation is that you should find the weak points inside your company. Effectively that means "hack yourself, before someone hacks you". Think like a hacker and attempt to find the vulnerabilities in your processes and security infrastructure and - of course - then fix them!

"Hiring third party penetration testers can be a good idea if you don’t have the resources in house to do this, or if you are concerned that your own staff are "too close" to the coalface to see what's going on."

You touched on the value of defense in depth earlier, why is that such an effective approach?

"Defense in depth is a key part of the solution. You don't guard a prison with just one gate, you have multiple doors and locks so that if one fails to provide adequate security you can hopefully contain the situation.

"It's sensible to minimise the attack surface by reducing your users' exposure to a successful attack. That doesn't just mean running an anti-virus program, but considering whether your users really need admin rights and sandboxing executable code so if it does attempt something malicious, it cannot do any harm."

What lies ahead for enterprise security, what do you think are the future trends?

"It's hard to predict the future, particularly in computer security, because things change so quickly. What's surprising is just how many "old" threats continue to pose a significant problem - such as simple phishing emails for instance, which can continue to dupe unsuspecting users into handing their login credentials over to online criminals.

"Your staff will continue to present a weak point in your enterprise's security because they are (mostly) human, and any of us can make dumb mistakes from time to time. Regular refreshers about the importance of computer security can keep employees on your side, and encourage them to contact you if they spot anything unusual.

"One issue I would call out for particular attention, however, is the internet of things. Although many view IoT as a consumer issue, it will undoubtedly have an impact in the workplace as well - introduced often by your users.

"Internet-enabled devices, manufactured by companies who may not have a grounded history in information security and often built to a tight budget, will undoubtedly bring new threats into your organisation that you may not have considered before and - unlike your PCs - they could be particularly tricky to patch and secure."

To learn more about how Avecto can help secure your enterprise, visit www.avecto.com/defendpoint. You can also follow Graham Cluley on Twitter @gcluley.

Laura Butler,

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Microsoft Vulnerabilities Report 2022

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.