Page 18 - AeM_September_2020
P. 18
RESEARCH
ANALYSIS
TRENDS
Privileged accounts remain a popular
gateway for hackers
Privileged accounts, such as local admin and service industry, they will increasingly appear in the cybercrime
accounts, exist everywhere in multiple places environment, for example to optimize phishing
throughout an organization, and trying to manually campaigns or CEO fraud.
discover and manage them is virtually impossible.
That’s why Thycotic recommends automating privileged Security-as-a-Service (SECaaS) on the rise
account discovery on a continuous basis so that you
can see what you need to protect and what security More and more companies are getting convinced of the
controls should be in place. advantages of SaaS tools - especially in the area of IT
security. SECaaS solutions are usually characterized
The fact is that for many years, privileged corporate by a flexible cost structure, as resources are only
accounts have been one of the most popular gateways rented in the sense of a pay-to-use service. Since there
through which cybercriminals managed to gain access are no installation, maintenance, upgrade, or
to systems and sensitive data. And most probably this depreciation costs, both up-front investments and long-
won’t change in the next year either, because when it term costs can be significantly reduced. As the
comes to managing and securing privileged accounts shortage of skilled workers continues to increase, it can
(including administrator, service, machine or database also be assumed that companies will increasingly
accounts), many companies still have a lot of catching purchase SECaaS solutions from Managed Security
up to do. Service Providers (MSSPs) in the coming years.
As the State of PAM Maturity Report 2019 from Business leaders need to understand the
Thycotic shows, 55 percent of companies do not have
an overview of how many privileged accounts they strategic importance of cybersecurity
have or where they are located. More than half of these In general, the security level of many companies does
accounts also have an unlimited term. Once hacked, not do justice to the current threat landscape. One
they give cyber criminals unrestricted access to reason for the reluctance to invest is the lack of visibility
sensitive resources and grant control over the entire of the effectiveness of security measures, which are
network. Those who want to avoid this in the future often seen as purely preventive measures. However,
should start regaining control of their privileged the management overlooks the fact that investments in
accounts. A first step is the automated identification of cybersecurity are also investments in the profitability
the accounts and the restriction of far-reaching and competitiveness of their company. New IT security
authorizations with the help of a ‘least privilege measures not only mean better protection against
strategy’. cyber-attacks and data loss, but in the best case also
cost and time savings and the associated economic
Deepfakes take identity theft to a new level efficiency. In this way, innovative security solutions,
that go beyond their security function, create significant
With the increasing use of social media, identity theft clarity and transparency, as well as automate
and abuse has become a mass phenomenon. While processes, which ultimately means that employees are
the threat potential was already very high thanks to relieved of their daily work and can work more
risky password practices and careless handling of efficiently. CIOs and CISOs are now asked to convince
personal data, deepfake technology is now taking the their superiors of the business benefits of new security
threat to a completely new level. Cyber criminals or investments instead of just focusing on the "security-
hacktivists use artificial intelligence to retouch a related” advantages. ◊
person's face or voice into existing video or sound By MediaBUZZ
material in a deceptively real way. While deepfakes
have so far been particularly popular in the porn
September 2020: Cybersecurity & Data Safety: perpetual awareness and innovation presupposed 18