What do many recent mega-breaches have in common? In most, hackers gained access to IT systems through a trusted third-party account, such as that of a vendor. A new Gartner report on remote privileged access for third-parties finds that nearly 75 percent of enterprises are significantly exposed to a cyber-attack due to unsafe privileged access processes. Two of 2015's mega-breaches—of health insurer BCBS Excellus and the U.S. Office of Personnel Management—show that the damage from these events can be long-lasting. But what can be done? Creating a virtual fortress around IT systems and networks won't likely offer an organization greater protection.
In fact, such a response could cause further harm by preventing data, systems and people from functioning productively. Implementing granular access controls that can be tailored for each privileged user, rather than giving everyone all-or-nothing VPN access; this allows users to continue to be productive while reducing the potential impact of compromised credentials. This slide show, based on eWEEK reporting, including information provided by remote support software provider Bomgar, lists several common third-party access mistakes that organizations should avoid and alternative practices organizations should implement to shore up IT security. Read more.