Access Management Key to Info Security


Security researchers have long pointed to effective password and access management as keys to protecting IT systems and networks, but a surprising number of organizations struggle with the fundamentals of IT security.

According to a survey by software provider BeyondTrust, companies that make a commitment to managing privileged access distinguish themselves, perhaps not surprisingly, as being better able to mitigate the effects of data breaches than their less-diligent peers.

Citing stats from a Verizon breach report indicating nearly two-thirds (63 percent) of confirmed data breaches involve weak, default or stolen passwords, BeyondTrust says firms with effective security infrastructures also tend to share leading password management practices. BeyondTrust surveyed more than 500 IT, info security and compliance professionals, and segregated responding organizations into two tiers after comparing their self-reported policies with leading industry and security practices.

For instance, 92 percent of the top-tier companies have centralized password management policies, such as mandating password length and complexity, compared with 25 percent of the bottom-tier organizations.

One of the main differences between leading and lagging organizations, according to BeyondTrust, is how well they align IT access with business need and risk. For example, 57 percent of the top-tier companies evaluate the risks posed by specific applications and systems, versus only 6 percent of their bottom-tier peers. Similarly, among the top-tier companies, nine out of 10 issue access permissions by specific application rather than by user.

Top-tier companies are described as being more likely to conduct vulnerability assessments, with 91 percent describing assessments as a routine practice (compared with 20 percent of bottom-tier companies).

It’s also important to pay attention to more routine security practices. Password cycling – changing user passwords at routine intervals – is more common among top-tier organizations (76 percent, compared with 14 percent of lower-tier companies).

Credential management – making sure users only have access to tools they need and that permissions are revoked as employees leave the organization – was cited by 73 percent of the leading companies, compared with 36 percent of the bottom-tier organizations.

BeyondTrust recommends five practices to help companies enhance their security postures:

  • Be granular – Implement least privilege policies to reduce the risk of granting unfettered access that employees may not need.
  • Understand the risk – Vulnerability assessments can help organizations balance security and vulnerability.
  • Augment technology with process – Establish and maintain strong password management practices.
  • Consider real-time monitoring – Monitoring network activity can provide early warning of unusual activity that can be an early sign of a breach.
  • Integrate security solutions – Tools that only provide specific functionality can increase complexity and risk.