“Identity has become the new perimeter”, said Vincent Goh, Senior Vice President, Asia Pacific and Japan, CyberArk, in an interview with CSA regarding the security gaps which IT teams need to address today.
According to him, organisations have adopted cloud-based technologies and services on a grand scale over the last few years, which the pandemic has only accelerated in just a few months. This has resulted in a more distributed workforce – essentially eroding the network perimeter of businesses as we know it.
In addition, Vincent explained that the cloud has increased the attack surface disproportionally. For example, organisations are now seeing a vast uptick in credentials for both humans and non-humans as they enable remote work. Such credentials are what allow employees and even bots to access sensitive data, systems or services anywhere, faster.
“These credentials are associated with identities, and as we know, identities and credentials are nearly always what attackers seek in order to achieve their aims of compromising data or assets. Securing and managing identity, then, has come to the forefront of cybersecurity as a strategic imperative”, added Vincent.
That is why identity has now become the new perimeter – it is what connects users to their devices and apps and, in turn, bridges them to the assets they need to access.
In 2020, CyberArk managed to prevent potential cyber attacks that utilise such credentials to compromise organisations. CyberArk’s lab team discovered – and responsibly disclosed – a critical security vulnerability in the Microsoft Teams desktop and browser that could potentially have exposed users to data theft, compromised credentials, ransomware attacks and corporate espionage, according to Vincent.
Such an instance, along with many other cybersecurity threats that occurred last year, has taught everyone that every organisation has something of value to an attacker.
“An effective cybersecurity strategy is one that understands the pathway that an attacker takes to get to that thing of value, whether it is data or an asset. Typically, this pathway is secured by understanding the privileges and credentials that humans and non-humans use to access this data or asset”, Vincent added.
These attacks have also been a revelation for many C-level executives among organisations, compelling them to finally prioritise cybersecurity. For Vincent, we are now seeing these changes in businesses and with good reason. CISOs (Chief Information Security Officers) have been thrust to the front line because of the clear security risks that now go hand-in-hand with day-to-day operations.
Vincent added that cybersecurity is slowly but surely being prioritised more by boards nowadays compared to five to ten years ago. According to him, those that still do not are those who fail to recognise it as a business issue and view security as a tactical tool that only comes into play when there is an incident.
CyberArk believes that to counter cybersecurity threats and vulnerabilities, effective privileged access management is necessary. As a trusted security advisor for organisations worldwide, the security firm developed the CyberArk Blueprint, a privileged access management maturity framework.
It is a prescriptive, collaborative programme with the output of allowing customers to understand how to drive lasting organisational change and achieve measurable, progressive results that reduce privilege-related risk.
With this solution, Vincent said that security teams will be able to monitor human and non-human accounts with privileged access to critical information and assets.
The CyberArk Blueprint is also built on three guiding principles to help you achieve the highest level of protection against the most common risks in the attack chain for privileged credentials. These are: preventing credential theft, stopping lateral and vertical movement and limiting privilege escalation and abuse. The solution works whether you have an on-premises, cloud or hybrid IT environment.
“Cyber threats are growing in every industry, and protecting sensitive information is set to get even harder as access to it is expanded. In this uncertain environment, it is more important than ever for organisations to invest in robust security solutions to keep themselves and their ecosystems safe”, ended Vincent.