Most organizations trying to reduce the risk of cyber breach focus on the privileged credentials or identities, but that’s only part of the battle when it comes to securing privileged access. Too often, we see companies spend a lot of time, resources, and money to pull their administrative credentials and passwords into a password vault or safe, but then continue to use access pathways such as RDP or VPN that are traditionally challenging to secure and can be leveraged by attackers to compromise a target.
Forgetting to secure access pathways
Improperly secured remote access continues to be called out year after year as a leading attack pathway for cyber criminals. Additionally, the use of weak and/or stolen passwords in cyberattacks also tops the list. You should absolutely be using a password safe or vault to protect and rotate your privileged accounts, but you also need to implement more secure remote access methods for a comprehensive defense in depth strategy. Traditional security measures such as firewalls, active directory rights management, complex password policies and frequent password rotation are proving to be more peripheral in nature, and shouldn’t be the only security measures in place for an organization. When unauthorized users gain access to accounts and credentials, they can bypass these traditional measures and move laterally across an organization’s network. The largest and most recent cyber breaches have been attributed to unauthorized users leveraging privileged credentials for unauthorized access.
Employees and vendors with remote access to systems and privileged credentials are prime targets for cyberattacks.
Despite being aware of these threats, most organizations still allow a myriad of internal and external parties to access their most valuable systems and data. Check out this webinar for more insight into shoring up your security posture, and avoiding the pitfalls of privileged access.
Sam Elliott, SVP, Products
Sam Elliott is the Senior Vice President of Products at BeyondTrust, where he oversees the company’s solution portfolio. Leading with an identity security first approach, he drives product innovation and integration strategies across the broader security ecosystem. A technology veteran of over 18 years, Elliott’s focus is in privileged access management, remote access security, and SaaS strategies. He has helped build successful, cloud-first, startups and held product leadership roles across core technology industries, including Cyber Security, IT Asset Management, and IT Service Management. Elliott earned his Bachelor of Science from Florida State University.