Keep your security healthy by ‘risk distancing’

In a world where work from home is the new normal, cyber criminals are finding new ways to infiltrate organisations. Privileged access management may be the best method of defence against this.

Johannesburg, 26 Aug 2020
Read time 3min 30sec
David Higgins, Technical Director, CyberArk
David Higgins, Technical Director, CyberArk

When people talk of the ‘new normal’, it is much more than just another catchphrase – the COVID-19 pandemic has significantly changed not only how people shop and socialise, but also the manner in which they work. Millions of employees have had to shift to remote work, and as IT teams find themselves working furiously to execute business continuity plans, cyber criminals have been working just as hard to exploit weaknesses in the dynamic and shifting environment created by the virus.

Staying ahead of known and emerging threats in this new landscape has effectively added new levels of complexity to what was an already complicated job. CIOs and CISOs at businesses around the globe are searching for the best way to handle these new challenges, while at the same time keeping employees safe and productive.

Much like social distancing has played a key role in the safe continuation of virtually every aspect of people’s lives in recent months, explains David Higgins, Technical Director at CyberArk, when it comes to security, experts need to consider implementing ‘risk distancing’.

“While social distancing is about following recommended best practices to avoid catching or spreading COVID-19, risk distancing is a reminder to follow best practices for security, in order to mitigate the risks of an attack,” Higgins says.

“Bearing in mind that the risk landscape has shifted significantly in the wake of the ongoing pandemic, companies that rushed to on-board new applications and services to make remote work possible now face many new challenges. For one thing, risky work from home habits mean that a company’s critical business systems and sensitive information may suddenly be put at risk from an entirely new vector.”

Higgins says that a large proportion of home-based employees utilise their own, often insecure devices to access corporate systems, while many are also making use of collaboration tools that have known security vulnerabilities. This makes them the ideal targets for opportunistic cyber criminals.

“When it comes to implementing the principle of ‘risk distancing’, one of the most effective ways of achieving this and effectively protecting critical assets, workstations and remote user access is via privileged access management (PAM).

“Privileged access allows organisations to secure their infrastructure and applications, run business efficiently and maintain the confidentiality of sensitive data and critical infrastructure. Therefore, PAM offers enterprises a strong measure to help protect against the threats posed by credential theft and privilege misuse.”

PAM, continues Higgins, refers to a comprehensive cyber security strategy – comprising people, processes and technology – to control, monitor, secure and audit all human and non-human privileged identities and activities across an enterprise IT environment.

“One of the keys to its success is the fact that PAM is grounded in the principle of least privilege, which is essentially a scenario wherein users are only given the minimum levels of access required to perform their job functions. The principle of least privilege is widely considered to be a cyber security best practice and is a fundamental step in protecting high-value data and assets.”

Therefore, by enforcing the principle of least privilege, adds Higgins, enterprises can significantly reduce the attack surface available to cyber criminals, as well as mitigate the risk from malicious insiders – both of which can lead to costly data breaches.

“There can be no doubt that COVID-19 has altered the business landscape in a major way, and that staying ahead of known and emerging threats in this new arena has added additional layers of complexity for corporate security teams. However, by practising risk distancing in the form of PAM and keep threats at arm’s length, CIOs and CISOs at businesses around the world can implement one of the most effective ways of handling these increased challenges, while at the same time keeping employees safe and productive,” concludes Higgins.