Cybersecurity Insurance Checklist - Meet Insurance Requirements with BeyondTrust PAM Download for Free

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

Digital Warfare: the new global arms race?

June 14, 2017

  • Blog
  • Archive

It’s been a month since the WannaCry ransomware attack infected banks, hospitals and government agencies in more than 150 countries. As more digitization occurs in business, ransomware and other threats will only become more pervasive and frequent as nation-states and underground criminal organizations use cyberspace to further their objectives.  

WannaCry demonstrated just how widespread and disruptive a ransomware attack can be, and how privileged user accounts continue to hold high value for attackers as they seek access to companies’ IT infrastructures.

Many organizations are aware of the need to strengthen how they identify and protect privileged users, but still struggle to control and manage privilege access to their critical systems. This is made more complicated by the fact that despite training and sharing security best practices, studies show employees continue to have a lack regard for IT rules. Bomgar’s recent Secure Access Threat Report found that 61% of respondents were concerned with administrative or privileged credentials will be phished from an employee and found that only half (54%) of organizations conduct annual training  to keep insiders aware of security processes and, shockingly, only 53% include this training as part of induction for new employees.  

It’s fair to make the analogy that businesses worldwide are in an “arms race” to keep defenses on pace with the types of attacks that are becoming more common and more impactful. As businesses seek to create a stronger security profile at both an organizational and individual level, here are some key questions to consider:  

What assets are most attractive to cybercriminals?  

  • Personal Data - any information that can be personally identifiable such as credit card numbers, passport information, patient records, Social Security data and other valuable intel they could sell the black market.
  • Proprietary Information -   any information that an organization wishes to keep confidential such as customer lists from a CRM database, top secret research and development data or new product designs.
  • Reputation – in addition to or instead of financial disruption, hackers can also be interested in damaging an organizations reputation, such as compromising a corporate Twitter account to post less-than-desirable information or images.  

The eventual goal of the attacker is to be financially or reputationally profitable, whether they themselves use your stolen information for personal gain, sell it on the black market or just wreak havoc on your company’s reputation.  

What are the common modes of attack?  

The use of phishing emails containing malware is the top mode of infiltration due to its ease of execution and high success rate. Through successful phishing, cybercriminals can deposit ransomware such as WannaCry in computers and demand payment. Phishing is also used to trick victims into disclosing their credentials which can then be traded on the black market or leveraged to execute further attacks. Successful phishing may also potentially allow sponsored hackers to infiltrate targeted networks and then deploy a variety of stealthy techniques to extract valuable data over a long period. Such attacks are known as Advanced Persistent Threats (APT).  

How can organizations prevent or prepare for such attacks?  


  • Manage and control privileged access to systems – Implement a policy of ‘least privilege’, granting access to users based on their needs, job roles, or functions. Don’t forget about third-party contractors and vendors, and service or help desks who are often granted more privileges than they require.
  • Implement multifactor authentication – Ensure users are who they say they are by requiring multifactor authentication to access any privileged system.
  • Review policies and train people regularly – Technology can help make security easier, but it’s just one aspect of the entire solution. Make sure that each employee or contractor is regularly educated on cyber security best practices.
  • Monitor, record and analyze behavior – Create and track an audit trail for all privileged user activities, and review for anomalies or strange behavior. 

At Bomgar, we connect people with technology by controlling access while enabling secure collaboration – learn more about how our solutions can help improve your organization’s security posture.

Photograph of Eugene Zhang

Eugene Zhang, Sr. Solutions Engineer

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Microsoft Vulnerabilities Report 2021

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.