We have been touring across the world since the beginning of the year, participating in several IT security events. While our main goal is to educate organizations–amid rising cybercrime– to reinforce their information systems by adapting to our risk-management solutions, we are also meeting with Chief Information officers (CIOs), Chief Information Security Officers (CISOs), and audit and compliance officers.
One-to-one meetings help us in understanding IT security needs. As an IT security provider, however, we must tell you that it is very heartening to find that organizations across all industries, have shown increased awareness towards cyber-security.
Nevertheless, there is one area about the IT security which has startled us: organizations’ lax attitude towards passwords management. In a recently concluded event held in Manila, while speaking to the audience, our Director asked how many among you change your passwords very often. Surprisingly, not many raised hands. We will have to get our basics right first. A good password management is the smallest step we can take to secure our personal information.
However, this method will not suffice for protecting your organization’s critical IT assets. This is because; privileged identities access highly sensitive data base servers. If breached by a disgruntled employee or insider, it can wreak havoc in companies. It not only damages the reputation but also inflicts material financial losses.
About two years ago, The Home Depot, one of the leading home-improvement retailers in the US, reported a data-breach incident of a gigantic proportion. Hackers stole some 40 million credit card details, including 54 million emails addresses connected with the individuals’ accounts.
The investigations into the incident revealed that hackers got hold of the customers’ payment records through the point-of-sale credit card system. This was possible as hackers had the username and password for one of the retailer’s third-party vendors. The method used by the hackers was very much like to the one used to infiltrate Target Corp’s network, just a year earlier.
What these incidents tell us is that irrespective of the size of organizations, information systems are always vulnerable to attacks. That danger amplifies especially when a company has a compromised Privileged Access Management (PAM) / Privileged Identity Management (PIM).
Indeed, the most recent Verizon data-breach investigation report has emphasized that point. Compromised privileged identities caused data breach incidents involving some of the largest corporations in the US, the report said.
The fact that hackers have been able to breach into confidential data of one of the biggest banks in the world and one of the biggest retailers in the U.S. is a major concern.
The cost involved due to a comprised PAM/PIM is huge. Home Depot incurred a cost of $19.5 million to cover the damages caused to its customers, which includes legal expenses.
Data breach incidents caused due to privileged misuse is on the rise. It might cause you a massive damage before you can even realize.
Needless to say, protecting privileged identities forms the cornerstone of IT security management.
ARCON provides state-of-the-art technology aimed at mitigating information systems related risks thereby enabling organizations to comply with Governance, Risk Management and Compliance (GRC) requirements. The company, in particular, is known for its unique Privileged Identity Management/Privileged Access Management solution, which helps deter the misuse of ‘privileged identities’.
Learn more about us at www.arconnet.com