bienvenido a t-cert
The financial reward continues to motivate many attackers, advanced threats also pose a risk to the vast amount of sensitive data they are accumulating. So what can companies do to protect their corporate networks this year? CyberArk outlines three steps you should take to protect your corporate networks.
An IDG study highlights that about 92% of organizations' IT environments are already, to some extent, in the cloud. But the changes bring new challenges. And the cloud is no exception. A larger attack surface is one of the complex idiosyncrasies of the cloud. So when traditional network perimeters are phased out, the liability issue must be addressed. Whose responsibility is it to protect data hosted in the cloud? Is it from the cloud provider or the customer?
Misconfiguration of privileges is one of the most common consequences of this misunderstanding and, by extension, one of the main causes of data breaches. When default credentials are not reviewed, excessive permissions can cause a standard user to have unnecessary access to sensitive data.
In this case, automated AI-powered tools that check user permissions and privileges can be of great use to IT teams. Above all, because they provide a fast and efficient way to discover overprivileged accounts and remove superfluous permissions.
Whether it's consulting services or supply chain staff, outsourcing internal functions has become commonplace. And many of these vendors require access to internal data and resources to get the job done. In fact, 90% of companies allow third parties to access critical internal elements.
Sensitive assets that, if stolen, would cause significant damage to the organization, posing a serious problem for IT teams. Teams that can trust their own security measures, policies and protocols, but can they trust those of third parties?
In fact, at the beginning of last year, the Regus company suffered a breach due to the aforementioned example, leaking detailed information about the work of employees through a third-party provider. Regus had hired a vendor to audit its staff, and the vendor's security measures were weak. The data breach was discovered, causing a major impact on a company's reputation and finances.
This example serves as a warning to any company that hires third-party vendors. The privileged accounts of all these external agents must be constantly managed and monitored. They must be secure and multi-layered, giving them enough access to carry out their work without putting sensitive company data at risk.
In this regard, advanced Security-as-a-Service packages can help companies ease the monitoring and management burden on their IT team.
The most obvious challenge of 2020 was the transition to telecommuting. IT teams were engulfed in a whirlwind of home computers trying to connect to corporate networks. Whether it was a worker's Wi-Fi router or his personal laptop, there were a host of new devices that posed serious security risks.
The challenge continues into 2021. It's easy to imagine a year in which we all continue to telecommute, from home or elsewhere, so potential security threats will need to be managed. And the approach many companies take to meeting this challenge compounds the problem, as too many companies rely heavily on security policies to keep the "bad guys" out of their networks.
Lack of easy-to-implement processes is an alleged reason for not following security policies. And although companies recognize the importance of security, the processes implemented are too difficult for employees to manage, which generates friction in the user experience. Hence, it is necessary to strike a balance to address this problem.
Workers should be educated on the importance of adhering to security policies, but in turn, IT teams should adopt tools and processes that help minimize business disruptions, overall. By following these simple tips, large companies will be three steps closer to being prepared for the inevitable security challenges ahead.
The cloud, the increasing use of third-party providers and telecommuting will pose a challenge to business resilience and security. But with the right advice and investment, there's no reason your sensitive assets aren't safer this year.
.jpg){kind=small}