In keeping the novel coronavirus at bay, businesses also need to distance its infrastructure from risk, says this PAM proponent.
In recent months, social distancing has played a starring role in virtually every aspect of our personal and professional lives. Most of us are working from home. In short order, parents have transformed into teachers and caregivers—oftentimes, on top of their full-time jobs.
A quick walk down the street requires careful planning: Face mask? Check. Hand sanitizer? Check. Virtual gatherings have replaced social engagements.
It is hard to imagine when—or if—life will ever settle back to ‘normal’; regardless, social distancing is now part of our lexicon. While social distancing is about following recommended best practices to avoid catching or spreading something infectious, what kind of best practices should distance us from risks of cyberattacks?
Risk distancing is a reminder to follow best security practices to mitigate risks of an attack.
Bring Your Own Risk
The risk landscape has also been changed dramatically in the wake of the novel coronavirus. To maintain business continuity, businesses have rushed to implement new applications and services to make remote-work possible.
Risky work-from-home habits are putting critical business systems and sensitive information at risk. For instance, according to a recent survey by CyberArk, 77% of remote employees use unmanaged, insecure ‘BYOD’ devices to access corporate systems. Then, 66% of remote employees have adopted communications and collaboration tools with known security vulnerabilities, such as Microsoft Teams and Zoom. Meanwhile, opportunistic cybercriminals have increased their attacks—from targeting remote desktop protocol servers to launching sophisticated ransomware—in an effort to capitalize on the risks being taken.
Organizations are feeling challenged in how best to address infrastructure and productivity needs quickly and adequately and recognize the necessity of risk distancing. This is especially true when it comes to securing privileged access for remote workers on distributed corporate endpoints.
Reducing risk with PAM
Risk management should be looked at with a fresh perspective to identify, prioritize and mitigate risks through a systematic approach. Organizations need to practice risk distancing in the new normal and this can be done by adopting a proactive Privileged Access Management (PAM) approach that considers all vulnerable points in an organization’s cybersecurity landscape, secures control and assets, and tests defenses.
Privileged Access Management (PAM) is a proactive and effective way to protect critical assets, workstations, and remote user access. Organizations can use these five steps to practice risk distancing:
- Enforce the principle of least privilege and remove local admin rights on all endpoints to prevent lateral movement and privilege escalation.
- Secure remote user access to critical assets to critical assets with Zero Trust, multi-factor authentication and Just in Time provisioning for employees and third-party vendors.
- Use secure privileged access to newly provisioned cloud and SaaS applications without relying on hardcoded credentials or secrets.
- Conduct red team exercises to test defenses, given the new normal.
- Align PAM program security controls with the evolving risk landscape to ensure high-value assets are secured. Prioritise and execute risk mitigation with a phased approach.
With these steps, organizations can shape new strategies that effectively balance security and productivity and prepare themselves better for the future of work in the months and years ahead.