Get Cyber Security Right in 2017

Prioritise privilege

In light of major cyber attacks in recent years, the average financial loss due to cybercrime in Hong Kong has quadrupled in four years to HK$266,526 per case in 2015. The total financial loss due to cybercrime also surged by 50 percent to HK$1.8 billion in 2015[1].

Prudent organisations understand the need to have a cyber-security programme in place to protect assets but it can be difficult to determine which investments will provide the best business value when making the budget case to C-level executives. This is true whether establishing a new security programme or updating an existing one.

Nearly a third of businesses in Hong Kong are planning to invest in advanced security technologies in 2017. Hong Kong businesses recognise the growing need for managing high-risk areas like privileged accounts and consider a risk-based approach focused on the paths that attackers often take to access the most critical assets in an organisation. There are plenty of industry reports and government recommendations flagging the importance of securing privileged accounts and credentials; take your pick. The role they play in advanced attacks is well documented.

Privileged accounts are the gateway to your organisation’s assets

Privileged accounts give access to a wide range of assets, often with authority to make changes in settings and configurations. This makes privileged accounts the gateway to your assets. The credentials for these accounts—including cryptographic keys, passwords and hashes—are the keys to these gateways; they allow attackers who have breached the perimeter to travel horizontally and vertically throughout a network to reach and exploit their desired targets.

CyberArk research has found that, on average, 40 percent of the Windows hosts on a given network, if compromised, would provide an attacker credentials that would facilitate complete compromise of the vast majority of the other Windows hosts on that network—whether directly or through a series of compromises. Although 100 percent security of your network is not feasible, denying an intruder access to privileged credentials is a critical first step in reducing risk to your most valuable assets.

Prioritising the security of your privileged accounts is not only a good security plan, it is also a good business plan.

Making the business case for privileged account security

Most C-level executives are not hands-on in IT, but they understand the need to protect an organisation’s assets, brand and reputation. Effective cyber security is necessary because if you lose administrative control of your infrastructure, you’ve lost control of your business. Your infrastructure is no longer working for you; it’s working for the intruder.

When making the case for prioritising privileged account security, consider the following points:

  • Metrics: Establish success metrics for your cyber security programme and show the progress made in improving your organisation’s security posture:
    • Discover the privileged accounts on your network and identify what assets they have access to;
    • Prioritise these accounts according to the risks they represent and create a tiered plan for securing them over time; and
    • Document and report progress in securing the accounts and their credentials.
  • Demonstrate value: Reduce your organisation’s exposure to intruders and show the value this provides to the overall cyber security programme:
    • Identify the areas of greatest business impact (such as most sensitive operations, most valuable lines of business, markets with greatest growth potential, etc.);
    • Define the attack surface of these areas based on their exposure through privileged accounts; and
    • Demonstrate the reduction of the attack surface through progress in securing the accounts.

Prioritise privilege now

An effective cyber security programme is a must for your organisation and the best return on your investment comes from protecting the privileged accounts and credentials that intruders exploit. If you don’t do it now, you will have to do it after an intruder has breached your perimeter.

Why wait?

Here are the top five reasons to prioritise privileged account security:

  1. Privilege is the road most travelled by attackers moving through your network.
  2. Privileged accounts represent the express lane to your domain controllers, giving control of the infrastructure.
  3. Your security systems need to be secure; securing privileged accounts protects them.
  4. It’s a single solution to protect against both insider threats and external attackers.
  5. Securing privileged accounts is the first action you will have to take following a breach.

Take the first step

Make sure you know your network better than attackers. Take inventory of your privileged accounts. Take advantage of tools available to help your organisation discover privileged accounts both on-premises and in the cloud. Use the results to assess security risks, identify accounts with local administrator rights and identify machines vulnerable to credential theft. Prioritising the risks lets you begin improving security right away.

[1] http://www.infosec.gov.hk/english/crime/statistics.html

