The annual Verizon Data Breach Investigations Report, commonly known as the DBIR, was just released for 2018. As usual, it’s packed with useful information about data breaches – why they happen, who is perpetrating them, how they are getting in, and what they are trying to accomplish.
Not surprisingly, the #1 cause of data breaches was “Use of stolen credentials.” Also called “hacking” in the DBIR, threat actors routinely target credentials for theft, often using phishing emails or social engineering as a method of acquiring usernames and passwords. For hackers, using legitimate credentials is not only an effective way to initiate a breach, but also to go undetected for longer periods of time as they move laterally across a network, escalating privileges, accessing systems, and exfiltrating data.
Also high on the list of breach actions, at #4, was “Privilege Misuse.” Privilege misuse occurs when insiders, such as employees or contractors, use their legitimate privileged credentials to access data or systems beyond the scope of their job role, with the purpose of malicious use of organizational resources. Unintentional misuse, due to employee error, can result in a data breach as well.
The DBIR focuses on how different industries vary in their risks and how they are targeted, but use of stolen credentials and privilege misuse universally impact diverse industries. Privileged Access Management and Privileged Identity Management solutions such as Bomgar Privileged Access and Lieberman RED Identity Manager are security tools that are extremely effective in addressing these types of breach actions. Using these solutions, organizations improve their security posture:
- Discover, store, and rotate privileged credentials on a continuous basis to protect your organization’s network from the threat of stolen credentials – for the widest variety of account types
- Granularly control the access pathways to your network by limiting what users can do to just their relevant job tasks - for both insiders and 3rd parties.
The DBIR can help you better understand how breaches can impact affected organizations, and Bomgar is ready to help reduce your risk of a breach by managing and controlling accounts and access while keeping your users productive.
Stacy Blaiss, VP of Corporate Marketing
Stacy Blaiss, VP of Corporate Marketing, leads the team that enables our brand identity and executes marketing programs that drive success for BeyondTrust, our customers, and partners. Stacy has 20+ years of experience in B2B marketing in the telecommunications, payments, and cybersecurity industries, and is passionate about enabling marketing strategies that connect with the customer’s needs, business problems, and security challenges. Stacy received her MBA from the Goizueta Business School at Emory University, and a BS from the Indiana University Kelley School of Business. In 2022, Stacy participated in the KPMG Executive Leadership Institute for Women.