Organisations worldwide recognise the problem. Our own Global Advanced Threat Landscape survey found that ransomware and malware were seen as one of the top three threats faced by 59 percent of respondents (all of whom were security professionals). But what are they doing about it?
Denying the prize

It’s been demonstrated time and time again that attacks will follow the path of least resistance, almost always targeting privileged credentials that provide access to the most sensitive areas of corporate networks. It’s no different during this period of increased online activity – attackers are using social engineering techniques that prey on contemporary trends and concerns to seize credentials used or stored on corporate devices, as well as exploit a user’s privileges on said devices.
The management of privileged credentials is known as privileged access management and involves the implementation of strict access controls over individual accounts within an organisation’s network. Providing users with unique credentials each time they require access to data or information means security teams can limit user access to the specific areas of a network that staff require in order to fulfil their work obligations. By doing this, attackers are denied freedom of movement and are much less likely to move laterally across a network even after compromising a user’s account. Without these controls, cybercriminals can hop from one account to the next, slowly making their way towards the more critical assets.
Despite its vital nature, securing privileged access has often gone under the radar within corporate cyber-defence strategies.
Two pieces of evidence from CyberArk’s study back up this worrying picture. First is that only 41 percent of security professionals understood that privileged credentials exist on user machines. The second is that only 27 percent said that their organisations were planning to introduce the principle of ‘least privilege’ security on the infrastructure running their business-critical applications.

homeofdirectcommerce.com | Direct Commerce
One way to look at it is: if you don’t know something is there, it’s hard to protect it. As we experience this ‘new normal’ way of working, locking down least privilege on employee laptops is an extremely effective way of stopping an attack from spreading. It’s not just access to user machines that is at stake here, but to the valuable assets and data held elsewhere in the network.
To avoid exacerbating the risk of cyber-threats presented by home working, people must limit their online activities when at work, be sensible about what they search for, and, most importantly, security teams must stop laptops used by home workers from acting as launchpads to a much more damaging compromise.