Privileged access management (PAM) has been around for over 20 years and has been widely adopted by enterprises, but we still hear of data breaches almost every week. How are attackers getting around PAM? The answer is simple: stolen admin credentials. According to Forrester Research, up to 80 percent of breaches occur due to compromised credentials.
The problem is heightened by the fact that IT and network administrators have 24x7x365 access to company networks, so all it takes is one hack, one single credential stolen, and then the attacker has the keys to the kingdom. From there, they can move laterally to steal IP and other sensitive data from HR, finance, R&D and other critical systems.
The Verizon Data Breach Investigations Report (DBIR) found that out of all attacks – 29% of total breaches involved the use of stolen credentials – second only to phishing. Current approaches to password security and PAM are obviously not enough. Simply put, PAM needs to evolve.
Gartner noted that Privileged Access Management will be the top cyber security project for 2019 the 2nd year in a row, which is why it’s not surprising that Gartner has named Remediant as a 2019 Cool Vendor and agrees there will be a much bigger focus on a new approach to PAM involving just-in-time administration (JITA). JITA allows system administrators to grant users privileges to resources for a limited period of time, in order for them to log in and address an issue, and then rescind that permission.
Making admin access more dynamic — granting it only when and where it’s needed — prevents persistent access that can open the door for data breaches. To add another layer of protection, this Just-in-Time approach can and should ideally be paired with two-factor authentication. This strategic approach gives the administrator the credentials they need, at the moment they need them, and configures permissions to expire after a specified time period to enable optimal security.
With credential-based attacks at an all-time high, we need a shift in our security strategy. Companies can gain the upper hand in cybersecurity defense once again by changing their perspective from not just who should have access to what, but when and for how long they should have access.