Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

44% of data breaches in the last year involved privileged identity according to global Balabit research report

44% of data breaches in the last year involved privileged identity according to global Balabit research report

Only 41% of privileged accounts are assigned to permanent employees of the business with the majority being made up of contractors, third-party vendors and resellers – indicating IT has less visibility of privileged account access.

Nearly half (44%) of data breaches in the last year involved privileged identity according to a research report from Balabit, a One Identity business and a leading provider of Privileged Access Management and Log Management solutions. The report titled, IT Out of Control, also revealed that only two out of five (41%) of these privileged accounts are assigned to permanent employees with the majority being made up of contractors, vendors and third-parties. This is a problem that is getting worse, with 71% of businesses saying the number of privileged accounts in their network grew last year, and 70% expect the number of accounts to grow even more this year.

The IT out of Control eGuide is part of the Unknown Network Survey, which was conducted in the UK, France, Germany and the US, and reveals the attitudes of 400 IT and security professionals surrounding their concerns over IT security and their experience of IT security breaches, their understanding of how and when breaches occur and how they are trying to combat hackers and privileged account misuse.

Trust but verify – are businesses losing control?

When privileged accounts are misused in a data breach, often a malicious insider has misused their access, or a criminal hacker has hijacked the account through social engineering methods. Subsequently, finding the identity of the criminals is an impossible task. It should come as no surprise that IT teams have low confidence when it comes to having visibility of what is going on in their networks, with only 48% believing they can account for all permanent staff’s privileged access and the data they have access to. Only a further 44% believed they could account for all third-party vendors’ privileged access and the data they have access to.

This has led to 58% of respondents saying their company must take security threats related to privileged accounts more seriously. Worryingly, 67% of respondents say it’s quite possible that former employees retain credentials and can access their old organisation’s network.

This highlights the urgent need for the board to recognise the risks of privileged account misuse. More privileged accounts have led to increased risks for organisations. Simultaneously, it has become increasingly difficult for IT managers to keep track of who is accessing what data files and applications. As a result, ensuring that trust is validated and verified has become an overwhelming undertaking. In the same way that trusted employees can turn on a business, so can a vetted outsider.

‘Privileged Identity Theft is a widespread technique in some of the largest data breaches and cyber-attacks. A wide range of organisations have fallen victim to sophisticated, well-resourced cyber criminals but often these attacks are easy to carry out, through the use of social engineering techniques such as a simple phishing email.’  said Csaba Krasznay, Security Evangelist, Balabit.  ‘Measures exist to mitigate the risks of the attack. Relatively straightforward process improvements combined with the correct technologies such as session management and account analytics can help detect compromised privileged accounts and stop attackers before they are able to inflict damage on organisations.’

Solutions such as privileged access management (PAM) can help. Unlike traditional security systems, which see IT managers relying on manual methods of privileged user management, PAM provides replicable processes to track and manage privileged credentials.

When it comes to an effective security strategy, there are three pillars of defence that need to be taken into account. The first line of defence should be Password Management tools which protect privileged credentials. The second should be Privileged Session Management, which continuously monitors privileged accounts to identify anomalous activity. The third pillar should then be Privileged Account Analytics, a continuous verification of users, based on behaviour. Security teams can then identify whether a privileged account has been hijacked or if a trusted insider has turned malicious.

Nowadays, cyber breaches are coming from all directions. Businesses must be able to protect themselves from threats at home as well as those from the unknown corners of the internet. But with the proliferation of third-party partners, contract workers, remote working and BYOD policies protecting an organization is now a borderless challenge.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post