Privileged accounts, such as local admin and service accounts, exist in multiple places throughout an organization, and trying to discover and manage them manually is virtually impossible. That’s why Thycotic recommends automating privileged account discovery on a continuous basis so that you can see what you need to protect and what security controls should be in place.
For many years, privileged corporate accounts have been one of the most popular gateways through which cybercriminals have gained access to systems and sensitive data. Most probably this won’t change in the next year either, because when it comes to managing and securing privileged accounts (including administrator, service, machine or database accounts), many companies still have a lot of catching up to do.
As the State of PAM Maturity Report 2019 from Thycotic shows, 55 percent of companies do not have an overview of how many privileged accounts they have or where they are located. More than half of these accounts also have an unlimited term. Once hacked, they give cybercriminals unrestricted access to sensitive resources and grant control over the entire network. Those who want to avoid this in the future should start regaining control of their privileged accounts. A first step is the automated identification of the accounts and the restriction of far-reaching authorizations with the help of a ‘least privilege strategy’.
Deepfakes take identity theft to a new level
With the increasing use of social media, identity theft and abuse have become a mass phenomenon. While the threat potential was already very high thanks to risky password practices and careless handling of personal data, deepfake technology is now taking the threat to a completely new level. Cybercriminals or hacktivists use artificial intelligence to retouch a person's face or voice into existing video or sound material in a deceptively real way. While deepfakes have so far been particularly popular in the porn industry, they will increasingly appear in the cybercrime environment, for example to optimize phishing campaigns or CEO fraud.
Security-as-a-Service (SECaaS) on the rise
More and more companies are becoming convinced of the advantages of SaaS tools - especially in the area of IT security. SECaaS solutions are usually characterized by a flexible cost structure, as resources are only rented as a pay-to-use service. Since there are no installation, maintenance, upgrade, or depreciation costs, both up-front investments and long-term costs can be significantly reduced. As the shortage of skilled workers continues to increase, it can also be assumed that companies will increasingly purchase SECaaS solutions from Managed Security Service Providers (MSSPs) in the coming years.
Business leaders need to understand the strategic importance of cybersecurity
In general, the security level of many companies does not do justice to the current threat landscape. One reason for the reluctance to invest is the lack of visibility into the effectiveness of security measures, which are often seen as purely preventive. However, management overlooks the fact that investments in cybersecurity are also investments in the profitability and competitiveness of the company. New IT security measures not only mean better protection against cyber-attacks and data loss, but in the best case also cost and time savings and the associated economic efficiency. Innovative security solutions that go beyond their security function create significant clarity and transparency and automate processes, which ultimately means that employees are relieved in their daily work and can work more efficiently. CIOs and CISOs are now asked to convince their superiors of the business benefits of new security investments instead of just focusing on the “security-related” advantages.