Unix/Linux Privilege Management: What a Financial Services CISO Cares About

Nikolay Chernavsky

Hardly a week goes by without a major cyber security event affecting millions of users – and the financial industry is particularly vulnerable.

The 2017 Verizon Data Breach Investigations Report identified “Insider and Privilege Misuse” as a major incident pattern resulting in confirmed data breaches. According to Verizon, 62% of all breaches featured hacking, and of those, 81% leveraged stolen and/or weak passwords—giving the attacker the same privileges as a trusted insider.

At the heart of the problem lies a simple fact that many organizations fail to follow the basic information security principle of Least Privilege with trusted insiders having access to both highly sensitive and mission-critical information. As a result, accidental or deliberate misuse of a credential can lead to a breach. Companies in the financial industry are prime targets for such attacks because of the large potential payout of critical information.

While many tools have been developed to address Least Privilege issues on Windows-based systems, Linux/Unix systems were largely neglected. Unix/Linux systems are serving critical roles for many financial organizations, from storing highly sensitive information to processing millions of transactions between institutions. Being able to tightly control access to these systems is a critical security need.

This webinar will provide CISOs in financial services and other sectors:

  • A CISO’s first-hand experiences regarding the challenges faced in securing access to critical Unix and Linux systems
  • Real-world insights on how Unix and Linux Privileged Access Management (PAM) helps CISOs bolster security with granular access controls while also meeting compliance requirements
  • Guidance on selecting technologies that enable CISOs to meet their business objectives while remaining nimble
  • An executive view on where the market is headed in relation to PAM