Get a first-hand view on the State of Privileged Account Management (PAM), the benefits of Cyber Essentials and why reducing organisational risk in this ever-changing threat landscape is crucial to your business.
Privileged Account Management (PAM)
Many industry analysts have started to pay attention to Privileged Account Management over the past few years.
Privileged accounts are difficult to secure, and one of the reasons is that they are often unknown. If they are unknown, then they are definitely unmanaged, which means they are unprotected.
Running parallel to the security benefits of being able to discover and manage privileged accounts is the auditing and compliance control that comes with it. If those accounts are unmanaged, then they are unprotected, so you have no auditing information and no access control around who did what and when with any of your privileged accounts.
Forrester reveals that 80% of breaches involve privileged credentials*.
What we are talking about here are the human and non-human privileged accounts that exist across your network and connected devices. It is critical, yet often difficult, for enterprise IT security teams to manage these without the correct tools in place.
*2018 Forrester Wave, Privileged Identity Management
SANS reveals that 85% of cyberattacks enter through compromised endpoints.
It’s difficult to comply with regulations and reduce risk. A least privilege policy is needed to remove excessive privileges; without one, virtually all Windows and Mac computers remain vulnerable despite having the tools in place. Things like AV and web protection are of course important pieces of endpoint application; however, if privileged accounts exist on the device, it will always be an attractive attack vector.
Gartner ranks privileged account management as the CISO’s #1 security priority.
This really does drive home how critical it is to secure privileged accounts and have the correct tooling in place. Of Gartner’s Top 6 Security Projects, Thycotic addresses 4:
- #1 – Privileged Account Management
- #3 – Anti-phishing
- #4 – Application Control
- #6 – Detection & Response
What this means is that, through a single toolset, you can address 4 of the top security projects ranked in Gartner’s CISO report in 2018 & 2019.
Cyber Essentials & Cyber Essentials Plus
Cyber Essentials is designed to help organisations of all sizes meet the basic level of cybersecurity and threat protection within their business.
What’s the difference?
Cyber Essentials Certification involves a self-assessment, completed through an online form, to become self-certified.
Cyber Essentials Plus Certification involves the same procedure as Cyber Essentials; however, you will then need a certifying body to validate all the information against the 5 core requirements of the certification.
The DCMS Cyber Security Breaches Survey 2019 reveals that 32% of businesses identified cybersecurity breaches or attacks in the last 12 months. Amongst those, 32% needed new measures to prevent further attacks, 27% had staff time taken up dealing with breaches or attacks, 19% had staff stopped from carrying out daily work and 48% identified at least 1 attack or breach a month.
This government-led scheme, outlined by the NCSC, helps organisations meet foundational security requirements by addressing 5 technical controls, which will reduce organisational risk if addressed sufficiently.
Privileged Account Management (PAM) can assist with all of these technical controls. The tools Thycotic offers can drastically improve all of the processes that fall under the 5 technical controls outlined by the NCSC.
Is Cyber Essentials Mandatory?
The Cyber Essentials scheme was launched on the 5th June 2014.
There has been a lot of traction over the last 18 to 24 months; however, since October 2014 it has been a mandate for any organisation looking to secure government contracts that involve handling personal information or delivery of certain ICT products and services. Equally, in January 2016 this certification became mandatory for all Ministry of Defence suppliers.
It is not mandatory just yet for many industries. The Cyber Essentials certification is a step in the right direction when it comes to proving that your organisation is serious about cybersecurity and getting ahead of your competitors. Beyond the outward-facing benefits, this certification also gives you peace of mind that you have taken the fundamental steps towards reducing your organisational risk.
How Can We Help You?
There are many ways NetUtils can support you to have a good cybersecurity posture. If you would like deeper insight into how Privileged Account Management and Cyber Essentials can reduce your organisational risk, then get in touch today.