Authored by: Jeffrey Kok, Vice President of Solution Engineer, Asia Pacific and Japan, CyberArk
With the COVID crisis far from being over, the Singapore government is encouraging businesses to continue with work-from-home arrangements as the default mode of working to safeguard the health of employees. This means that many employees will continue to use personal devices on unsecured networks - often without understanding the potential risks to company security. The Ministry of Manpower’s (MOM) workplace requirements for businesses, after the Circuit Breaker period ends, note that employers should provide the necessary IT equipment to facilitate remote working and ensure COVID-safe workplaces for employees.
As remote working arrangements are extended, a security infrastructure that will allow employees to safely access sensitive company data from home is imperative. In leveraging technology to manage access to a company’s IT network, privileged access management (PAM) is one of the fastest and most effective ways to reduce risk across the remote workforce. For companies with employees who have privileged access to company data, monitoring and managing access controls should be a priority. Privileged access is the gateway to an organisation’s most valuable assets and is at the core of nearly every major data breach. For instance, Under Armour U.S. reported a privileged access attack in 2018 when someone gained unauthorised access to its platform, hosting IoT device data for tracking users’ diet, exercise, and health. Without a strong plan for PAM, changes to privileges can quickly become a new point of vulnerability for organisations.
Here are four reasons why PAM is more important now than ever:
Protection Against Insider Threats
We all make errors, especially when it comes to cybersecurity. We save passwords in browsers, download unsanctioned apps and share sensitive files via collaboration tools. While not malicious in and of themselves, these activities can unintentionally put data and systems at risk.
Attacks hinge on the current chaos and target employees, contractors and other “trusted insiders” with a barrage of phishing and socially engineered attacks. Successfully deceiving just one user is sufficient to compromise the entire system. After gaining access to an endpoint, an attacker can establish a foothold inside the organisation, escalate privileges and masquerade as a privileged insider. If the compromised user already has privileged access to business-critical systems, as system admins, robotic process automation (RPA) administrators, IT help desk team members and executives do, the attacker has hit the jackpot.
While most insider threats are accidental, times of significant change can also fuel malicious insider attacks. If privileged access has not been properly managed, it is easy for a disgruntled employee or financially motivated former contractor to use their legitimate credentials to bypass security measures. Privileged access management solutions that offer insider threat mitigation allow organisations to give employees only the levels of access necessary to do their jobs, which helps ensure that activities across the distributed network are not malicious, and that security operations teams can take quick action if they are.
Securing Cloud Environments as Usage Takes Off
Analysts have indicated that companies may use this time to accelerate their journey to the cloud to empower remote workers. This is sensible for several reasons. Software-as-a-service (SaaS) solutions provide fast, streamlined ways for employees to connect and collaborate, store information, and get their jobs done. Furthermore, scalable SaaS tools are helpful for overworked IT teams, since they are easy to deploy, cost-effective and eliminate infrastructure headaches.
Although organisations are deploying cloud services in record numbers, many are doing so without fully considering the potential security risks. A CyberArk survey found that less than half of businesses have a PAM strategy in place for securing privileges in the cloud. Yet, privileged credentials and secrets exist across cloud resources. Attackers will be working to exploit privileges wherever they exist. In the rush to get new or expanded cloud environments up and running, security teams cannot afford to fix issues after cloud services are deployed.
A strong PAM strategy applies everywhere privileges reside, including SaaS applications, cloud management consoles, custom-built applications, cloud infrastructure, endpoints, and on-premise environments. This gives organisations a comprehensive view of privilege-related risk and drives efficiency through an integrated approach.
Securing Employee Endpoints
With employees working from home offices using unsecured “BYOD” devices on similarly unsecured home networks, protecting employee workstations is easier said than done. A remote worker on their home computer is not restricted in what they can download or the sites they can visit. Giving remote workers local admin rights allows them to download and install programs, connect and install devices, and access corporate systems and information without going through IT or security teams. Local admin rights also benefit cyber attackers looking to escalate privileges, making remote workers high-value targets.
Privilege management, as part of a broader defence strategy for endpoints, is essential for containing cyber attacks early in their lifecycle. PAM enables organisations to remove and manage local admin rights efficiently and enforce least privilege, or the minimum levels of access needed to perform a particular job function. It also gives organisations the ability to provide flexible just-in-time access, so that human and non-human users can gain privileged access to an application or system in real time to perform a necessary task, and to enforce application control to keep remote workers productive and secure. Properly implemented privilege management on the endpoint has also proven to be 100% successful in protecting against ransomware. Ransomware is one of the fastest-rising attack vectors during the COVID-19 situation. It has affected many large organisations, even in Australia, and remains a big concern to many.
Protecting Supply Chains
This turbulent time extends beyond your remote workforce. It impacts every third-party vendor, contractor, consultant and service provider in your supply chain.
In fact, 90 per cent of organisations provide third-party vendors with privileged access to critical internal systems to manage data as well as patch or upgrade systems, according to CyberArk research. These users are not managed by the organisation, which makes it difficult to secure and control their access. Making matters worse, many of these third-party vendors also work remotely, compounding the risks.
Traditionally, organisations have relied on VPNs and other legacy solutions for access. These solutions are limited because they cannot provide the granular permissions required to properly secure a high level of access. VPNs also require agents and passwords that add more work for overburdened IT operations teams and slow users down. Innovations in PAM technology are helping organisations overcome these challenges by authenticating vendor users with biometrics and multi-factor authentication (MFA). These approaches help organisations remove operational overhead, keep vendor workflows intact and improve overall cybersecurity.
As organisations make remote working permanent, and new applications and services are added, PAM is essential in preventing costly security breaches caused by lax security measures. Cyber attackers are persistent, and security professionals need a long-term commitment to fighting the risks.