Managing privileged access prevents cyber attacks; discover 2 strategies

Why managing privileged access prevents cyber attacks

The consequences of a cyberattack are costly. According to Accenture's Ninth Annual Cost of Cybercrime Study, the average financial impact of a hack has risen from $1.4 million to $13 million per attack. And, looking back at 2020, that number will continue to rise. That's why you need to protect yourself intelligently.

And managing privileged access prevents cyber attacks.

Maintaining business continuity and resilience in the face of this dynamic threat landscape starts with understanding an attacker's mindset. Motivations vary, but the attack cycle remains much the same in all cases.

Criminals will first use common means, such as phishing or exploiting a known software vulnerability, to gain a foothold on a corporate network. Second, they will exploit privileged accounts, which are those with broad and powerful administrative access.

The interesting thing is that if there is no privileged access, the vast majority of attacks do not proceed beyond early stages.

Rapid business transformation, led by investments in digital technologies, has expanded privileged accounts into cloud and hybrid environments. With this, there are even more potential points of access.

Today, critical business processes, applications and cloud instances, for example, have privileged accounts associated with them for security.

Thus, gaining privileged access is a priority for attackers.

Ensuring privileged access management helps reduce the attack surface by breaking the attacker's toolkit and restricting the spread of an intrusion. Limiting lateral movement forces attackers to use more complex tactics. These tactics are easier to identify, so organizations can be alerted and are able to stop the progression of the attack before the business is dramatically impacted.

So we've picked out two strategies that prioritise privileged access management to help companies defend against these attacks.

Stop the escalation of privilege

The software and application brands that businesses trust can be riddled with misconfigurations and vulnerabilities, even more so if basic updates and patches are not being consistently applied. Today, we know that 60% of data breaches involve unpatched vulnerabilities.

For the attacker, however, the vulnerability itself is just an open door for gaining that initial position. The critical point is how they use that starting position to escalate privileges and facilitate lateral movement in increasingly distributed and decentralized networks.

Privilege escalation is the most critical link in the attack chain. An attacker can perform multiple steps, including network persistence, building additional backdoors, and finally gaining access to critical assets.

A modern privileged access management program enforces the principle of least privilege. That is, it helps ensure that users only have the access they need to perform their jobs, and nothing more. This places limitations on special permissions, further reducing the overall attack surface.

Prevention of account takeovers

Account takeover (ATO) attacks are sophisticated, targeted, and designed to give the attacker as much control over an environment as possible so that they can steal and exploit legitimate user credentials.

Attackers prioritize privileged credentials, especially for accounts with "always-on" access. These powerful accounts allow attackers to move across a network and reach, for example, a directory service such as Active Directory, from where lateral movement becomes automatic.

Privileged access management solutions that include just-in-time access controls can dramatically reduce the attack surface by protecting authentication credentials that are spread across environments. A just-in-time approach helps provide the appropriate level of access to the right resources for the right amount of time, eliminating the always-on accounts that attackers covet. This makes life much harder for the attacker by preventing privilege escalation and severely restricting lateral movement.
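To make the just-in-time and least-privilege ideas above concrete, here is an added sketch (not from this article or from any PAM product) of a broker that issues elevation for one role on one resource, requires a justification, and lets the grant expire on its own. The class names, the 4-hour ceiling and the sample users and resources are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_TTL = timedelta(hours=4)  # assumed policy ceiling for any single elevation

@dataclass(frozen=True)
class Grant:
    user: str
    role: str
    resource: str         # least privilege: one role on one resource
    expires_at: datetime  # just-in-time: every grant carries an expiry

class JitBroker:
    def __init__(self):
        self._grants = []
        self.audit = []   # every decision is recorded for later review

    def request(self, user, role, resource, ttl, reason, now):
        if not reason.strip():
            raise ValueError("a justification is required for elevation")
        ttl = min(ttl, MAX_TTL)  # requests longer than the ceiling are clamped
        grant = Grant(user, role, resource, now + ttl)
        self._grants.append(grant)
        self.audit.append((now, "grant", user, role, resource, reason))
        return grant

    def is_allowed(self, user, role, resource, now):
        # Expired grants are dropped, so no standing privilege accumulates.
        self._grants = [g for g in self._grants if g.expires_at > now]
        ok = any((g.user, g.role, g.resource) == (user, role, resource)
                 for g in self._grants)
        self.audit.append((now, "allow" if ok else "deny", user, role, resource, ""))
        return ok

def demo():
    # Constructed scenario: a 12-hour request is clamped to the 4-hour ceiling.
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    broker = JitBroker()
    broker.request("alice", "db-admin", "orders-db", timedelta(hours=12),
                   "constructed ticket reference", t0)
    hour = timedelta(hours=1)
    return {
        "during_window": broker.is_allowed("alice", "db-admin", "orders-db", t0 + hour),
        "other_resource": broker.is_allowed("alice", "db-admin", "hr-db", t0 + hour),
        "after_expiry": broker.is_allowed("alice", "db-admin", "orders-db", t0 + 5 * hour),
    }

if __name__ == "__main__":
    print(demo())
```

Credentials stolen after the window closes, or used against a resource outside the grant, are denied, and each denial lands in the audit trail where it can raise an alert.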

By Leonardo Camata