I started working with IT Security and Cybersecurity in 2001 and they became my passion. Since then, reading about the latest related topics is one of my habits. Because IT security and cybersecurity are such broad subject areas, I think one never stops learning. Socrates said ‘I know that I know nothing.’ I feel very similarly .
When I read the latest report from the Verizon Data Breach Investigation Report (DBIR 2020), I learned that the use and abuse of stolen credentials by hackers is the main reason for data breaches since 2015. More than 80 percent of breaches involve brute force or the use of lost or stolen credentials. Privileged accounts are usually the way to gain access to critical and important information that can be capitalized. For this reason, they are the main targets for hackers. Poor protection measures applied to these types of accounts make them vulnerable and expose them to abuse. A Privileged Access Management (PAM) vulnerability is a deficiency that will be a problem when it is discovered and exploited. Common vulnerabilities in privileged accounts include:
- The lack of a password vault
- No enforcement of password-change policies
- Excessive privileges
- No time limit on the use of privileged accounts
Reading the report, I asked myself the following questions: How can an organisation be prepared for these and other types of risks? What preventive and monitoring measures can be implemented to reach this goal?
In March 2020, I had the opportunity to create a free PAM webinar. As part of this event, I wrote a white paper titled Best Practices of Risk Management for Privileged Access Management. I also prepared a demonstration about how our PAM solutions suite, One Identity Safeguard, can help your organization mitigate risk by implementing a PAM approach.
In the white paper, I share an effective risk-management process that can help with your PAM strategy. In addition to my years of study on the subject, this process was created with significant contribution from my One Identity colleagues and my managers, who are all experts in PAM and the function of Safeguard.
I am sharing the abstract of the white paper with you, hoping that you will read and enjoy it. Most importantly though, I hope it will give you ideas on how to protect and monitor the use of privileged accounts and the assets that store them in your organization.