Have you ever heard about 250 years old ‘The Great Banyan Tree’, in the AJC Bose Botanical Garden, Kolkata, India? The vastness of the tree is almost the size of a Manhattan city block with 80 ft high and an area of 14,500 square ft. The number of roots and prop-roots of this banyan tree has surpassed 3600 and it has been a real botanical wonder since ages.
Overview
Can we think of an organization that does not have any segmentation of departments like marketing, finance, HR & Administration? The answer is probably NO – even if there is, the organization can never ensure systematic day to day activities. We don’t need to explain the importance of segregating the employees in various departments as per their roles. Similarly, an enterprise IT ecosystem requires a proper segmentation of a set of digital identities. It ensures role-based access to devices and target systems by authorized users assigned for a defined task.
Revolutionary technologies such as Internet of Things (IoTs) and cloud computing, AI, Big Data, et al have created enormous opportunities for global organizations. They have changed the way global corporations conduct business. While these technologies create new opportunities, they also make IT assets vulnerable. Indeed, with tons of data stored in the cloud, and critical systems with which end users interact, organizations risk data breach from malicious outsiders/ insiders.
Gartner in one of its reports namely, “Inadequate security sees surge in IoT data breaches, study shows” has confirmed that data breaches linked to IoTs have increased considerably over the last two years.
Data – the lifeline of any business organization, is under grave risk today due to numerous cyber security threats. Along with the rising number of threats, the nature of attacks is also getting sophisticated day by day. The cyber crooks are adopting advanced hacking techniques to steal sensitive data. Phishing, Ransomware, DDoS (Distributed Denial of Service) attack, Insider sabotage, social engineering, Botnet, cyber espionage etc. are some of the most common ways used by malefactors to abuse data.
Probably there are more number of digital identities today than the human population on this planet. Indeed, digital identities have spiralled as our modern day economy is propelled by cloud computing, artificial intelligence, and big data analytics among several other disruptive technology innovations.
Privileged Access Management (PAM) is one of the most discussed area of today’s cyber security arena. With the increased number of alarming data breach scenarios worldwide, it is very obvious that PAM solution would shield the organizations from any threats arising from unmonitored accounts or poor access control system. Here is a brief account of few practices that could enrich Privileged Access Management (PAM) to the next best level of robustness.
Defying the enemy within
As the wave of digitization sweeps across the nation, it is terribly crucial for the organizations, irrespective of large or small, to take adequate security measures for protecting their huge amount of data generated every day from various sources. The CISOs, CTOs and CSOs are ceaselessly on their toes to curb the chances of any hack or data breach incident that might push them towards big irrevocable losses. This scenario of insider threats is considered to be one of the most sinister reasons for digital disaster.
Identification of Insider Threats
The implications of insider threats largely go to the administrators and other privileged users, who are commonly
We have been touring across the world since the beginning of the year, participating in several IT security events. While our main goal is to educate organizations–amid rising cybercrime– to reinforce their information systems by adapting to our risk-management solutions, we are also meeting with Chief Information officers (CIOs), Chief Information Security Officers (CISOs), and audit and compliance officers.
One-to-one meetings help us in understanding IT security needs. As an IT security provider, however, we must tell you that it is very heartening to find that organizations across all industries, have shown increased awareness towards cyber-security.
A $101 million bank heist, earlier this year, brought the issue of cybersecurity to the forefront once again. In a sophisticated operation, cybercriminals robbed the Central Bank of Bangladesh by getting hold of SWIFT (society for Worldwide Interbank Financial Telecommunication code), the access code for global cross-border payment messaging system.
More important, it wasn’t an isolated case. Even as the dust over Bangladesh bank incident had not settled, the global banking system was again taken aback. This time it was an Ecuador bank, which was hit by a $12 million cyber-heist. The modus operandi was same.
Andrew Dalglish, director of Circle Research, a UK based research firm recently said “The very people working in businesses can pose as the biggest threat to its security.” That’s a pretty huge statement to make come to think of it. Why would he say that when organizations across the world are taking the necessary precautions and spending billions on IT security? Well the answer to that is simple; most organizations are still focused on thoroughly securing their perimeter. Based on a survey by SpectorSoft, a pioneer in user activity monitoring and behavior analysis, a staggering 62% organizations saw a rise in insider attacks over 2014-2015. This means, although a majority of the organizations are aware of privileged access security and have security solutions in place, they have seen a rise in insider threats. Research firm Gartner has solved this mystery stating “Less than 5% of the organizations were tracking and reviewing privileged activity in 2015. The remaining are at best controlling access and logging when, where and by whom privileged access has taken place but not WHAT actually is done.”