Author: Evelina Sinkevičiūtė
October 3, 2019
General Data Protection Regulation (GDPR) compliance keeps everyone, from the security team to the C-suite, up at night. GDPR requires all companies, regardless of size, to report data breaches to the relevant European authorities within 72 hours of discovery. Failing to do so on time can result in fines of up to 4% of total annual revenue. If organizations need a compelling reason to strengthen their security posture, GDPR is definitely near the top of the list.
The high breach risk faced by businesses across the board only increases the urgency to protect data and customers from the ever-evolving threat landscape. According to the Varonis data lab, 41 percent of companies have over 1,000 sensitive files available for anyone to view, 21 percent of all files are not protected at all, and 57 percent of companies have over 1,000 folders with inconsistent permissions. These whopping numbers of unprotected files contribute to the growth of successful phishing attacks, data breaches, and, ultimately, to financial and reputational damage. A Forrester study confirms that 38 percent of enterprises admit that they have lost business because of a real or perceived lack of security performance within their organization.
The trend shows no sign of abating. As new mobile and remote workforce constructs create demand for more flexible access policies, extending security beyond the traditional perimeter is the new normal. Employees, partners, and contractors can collaborate, share files and access resources from any location, introducing new security and privacy risks. Many organizations have lost sensitive data to unauthorized individuals via compromised networks, driving the need to prioritize privileged access management.
According to the Identity Management Institute, stolen employee access credentials are one of the leading causes of data breach incidents, which will cost businesses about $2 trillion in 2019. In fact, stolen employee passwords are responsible for about 90% of cyber attacks, according to leading industry and government reports.
To determine if your business is at risk, answer the following questions about privileged access management:
- Do you use a password manager?
- Do you use multi-factor authentication?
- Do you often share privileged access to your data?
- Have you been breached before?
If your first two answers are ‘No’ and the third one ‘Yes’, you should take steps to strengthen privileged access management. The easiest way to avoid potential breaches related to privileged access is to improve identity and password management hygiene. Identity verification is also a crucial element in strengthening privileged access. User identities and device security status help to monitor and spot issues and threats, block risky access and ensure enterprise security.
Modern enterprises are changing the way they discover and manage privileged accounts. When a data breach occurs, it is not always clear from the start what caused it: whether it was an MITM attack, data stolen from a database, or someone abusing privileged access.
Three ways to secure access and strengthen security:
- Set up a password manager
- Set up multi-factor authentication
- Monitor and control access and security
- Enforce identity verification
Today’s environment stands in contrast to when privileged access to systems and resources was contained inside the network. Privileged access now not only covers infrastructure, databases and network devices but is extended to cloud environments, Big Data, DevOps, containers and more. With regulations like GDPR gaining momentum, prioritizing privileged credential security makes good business sense. It delivers a double win by securing day-to-day operations and protecting an organization’s reputation.
If you are interested in this topic, learn more about how to secure and manage privileged access with Fyde.