Is your business taking privileged user threats seriously enough?

Published on 28 May 2018

2016 was reported to be the worst year for cyber breaches. That was until 2017 came along, where the likes of WannaCry and Petya hit the headlines and topped the previous year.

Now we’re in 2018, and chances are, this year will be another shocking period for breaches.

It’s not hard to imagine why. More data, more users on a network and more complex IT infrastructures mean staying in control is difficult. And despite all the investment businesses are making into security tools and education, attackers are still managing to slip through the net.

The privileged user problem

A major source of these woes is the compromised privileged user account. Balabit research found that 58% of employees say their company doesn’t take security threats related to privileged user accounts seriously enough – this is worrying news for any IT security team.

After all, privileged users are the ones with unrestricted access to a network. They’re in a position to change, copy or delete files without raising any alarms. In essence, access to such accounts allows criminals to act with the utmost stealth.

To compound the problem, our research also found that 71% of businesses say the number of privileged accounts within their organization grew last year, while 70% expect it to grow even more in 2018. Again, this presents a challenge to security. The more privileged user accounts a business has, the more activity there is to monitor. And unless IT resources are stretched to cover this, the greater the chance of criminals gaining access and compromising a network (or of employees causing damage, whether accidentally or maliciously).

To stop this problem getting worse, businesses need to take the privileged user threat more seriously. Malware, ransomware and phishing attacks may be the ones that make front page news; however, compromised credentials can cause just as much – if not more – damage.

The implications of complacency (and what to do about it)

You’d assume that once a breach occurs, businesses would up their defenses to be impenetrable. But the fact is, breaches are now seen as an inevitable part of everyday life. Our research shows that of the businesses that have suffered a breach this year, more than a quarter (27%) expect to be breached again in the next 6 months. Considering that it can often take months to get things back to normal, breaches recurring this quickly mean IT teams are constantly fighting fires.

Yet tackling the challenge isn’t insurmountable. With the right defenses in place, as well as wider visibility into how their network is running, businesses can prevent catastrophe, and not simply mend it. This involves a two-step approach:

  1. Use the right technology

Knowing who’s accessing what is key to managing privileged user risk. But this needs to be done passively and not hinder employees’ productivity. With a Privileged Access Management (PAM) solution, IT teams are granted unprecedented levels of control. Critical IT assets can be managed from one central point, while privileged user sessions can be monitored in real time. What’s more, a wider picture of normal user behavior can be built up from the activity of genuine privileged users. Anything that deviates from this norm can be picked up immediately.

  2. Encourage the right culture

A recent report by Capgemini highlighted a 25 percentage point gap between the demand for cybersecurity skills and the availability of those skills. Bridging this gap won’t happen overnight, but businesses can help by better educating their employees. This can range from reminding people of security basics (such as password best practice), to rewarding and recognizing those who do the right thing by security. And for a good security culture to be instilled, security needs to be made applicable to everyone in the organization, regardless of department or rank.

These are just two basic steps that businesses must consider when implementing their wider security strategy. According to the Ponemon Institute, the total cost of a successful cyber-attack today is over $5 million, or $301 per employee. These costs include everything from damage to infrastructure and system downtime, to theft of information assets and productivity loss. Taking privileged user threats seriously is a crucial step in preventing disaster from happening and ensuring your business avoids these costly (and often preventable) mishaps.


Read our report, IT Out of Control, to learn more.

by Balabit

Balabit, a One Identity business, is a leading provider of Privileged Access Management (PAM) and Log Management solutions. Founded in 2000, Balabit has a proven track record of helping businesses reduce the risk of data breaches associated with privileged accounts.


“The [Balabit] solution’s strongest points are the privileged session management, recording and search, and applying policy filters to apps and commands typed by administrators on monitored sessions.”

– The Forrester Wave, Privileged Identity Management, Q3 2016, by Andras Cser