October is worldwide Cybersecurity Awareness Month, and as a marketing professional I always wonder if we are doing enough to make organizations aware of the threats that modern enterprises are facing as well as ways to mitigate. As October comes around every year, I like to use it as an opportunity to look back at what we’ve been doing at Centrify around awareness and education for ways to stop the breach.
This year, I was pleasantly surprised when I reflected on some of our most recent , because I feel they address several areas where organizations need to be more aware of their risk for the #1 cause of breaches, privileged access abuse.
Our February 2019 survey report, “,” lent empirical validation to a lot of the eye-opening trends that we already knew to be true:
- 74% of data breaches involve privileged access abuse
- 52% of organizations aren’t using a password vault
- 65% of organizations are still sharing root or privileged access to systems and data
- 45% of organizations are not controlling privileged access to cloud workloads
We are in a new era of digital transformation and its supporting technologies that are making legacy approaches to PAM obsolete. Modern enterprises are facing a new threatscape, where perimeters don’t exist, with exponentially more potential exposure points, and armed with the knowledge that cyber-attackers are already in their network.
One of our favorite sayings here at Centrify is that cyber-attackers no longer “hack in” – they “log in”, using weak, default, stolen or otherwise compromised credentials. The urgency to secure controls to privileged access has never been greater.
That said, for this Cybersecurity Awareness Month, I’d like to encourage you to consider these 5 topics and our recent webinars to increase your awareness about the biggest potential threats facing your organization and PAM trends to address them. They are free to watch, and available on-demand.
1. The Anatomy of a Hack: It’s Not Happening How (or by Whom) You Probably Think It Is
The stereotype is always the same: dark characters in hoodies sitting in front of a bunch of computer monitors with code on them, going up against sophisticated technology to hack into corporate networks. The anatomy of a hack has been glorified, leading to the common belief that data breaches require a tremendous amount of sophistication. However, post-mortem analysis has repeatedly found that the source of a hack is often due simply to compromised credentials. Things are not what you think, as you’ll learn in, “.”
2. PAM 101: At Least Get a Vault
Forrester estimates that 80% of data breaches involve weak, default, stolen or otherwise compromised privileged credentials. Our 74% stat from surveying 1,000 IT decision makers backs that up, and also shows that most organizations aren’t doing some of the absolute basics to secure privileged access. This webinar with Forrester Principal Analyst Chase Cunningham outlines the fundamentals of PAM, including a very direct starting point: “.”
3. Ransomware: Two Words – STOP PAYING
Cyber criminals are successfully applying this age-old technique to modern technologies, and recently organizations are increasingly paying the ransoms. They shouldn’t, but it would be a whole lot easier if they avoided being put in that situation in the first place. Torsten George offers “.”
4. PAM Myths: More Than Just a Vault? (But You Should Have a Vault Too)
IT professionals engaged in cloud migration projects are legitimately concerned about security. Their organizations may have deployed a PAM solution to secure on-premises infrastructure, yet worries remain about whether legacy PAM can adapt to secure the modern, hybrid enterprise. Watch, “.”
5. Securing Access to Cloud Workloads: Your Next IT Headache
Organizations are rapidly moving workloads to the public cloud, but cloud security is a shared responsibility between the cloud service provider and the customer. It’s the responsibility of the organization to secure privileged access to workloads on AWS, Azure, and Google Cloud Platform, attack surfaces that cyber-attackers are looking to exploit. To limit their exposure to attacks, organizations need to move to an identity-centric approach to securing privileged access to workloads in the cloud: “.”