The digital walls can no longer hold. With many organizations now allowing their employees to work remotely and also allowing partner companies to access certain applications, traditional security perimeters are no longer sufficient. The new scope is identity.

If it was ever enough to put a fence around the most critical assets, today well-known tools such as firewalls and antivirus programs are no longer sufficient. Especially as companies increasingly use cloud, mobile applications and virtualization. Relying on outdated security methods leaves networks vulnerable to attacks using identity-based tactics.

Companies must modernize their strategy to keep up with the new digital reality and minimize risks in the event of a data breach. An important element to add to your security strategy is called PAM – Privileged Access Management.

The hunt for privileged accounts

Most companies have two types of accounts: In addition to standard user accounts, which are used for tasks such as logging into the corporate network, there are also privileged user accounts. This allows them to access critical assets or perform activities that require a higher level of access. Think about domain or system administrators who need to be able to edit and maintain applications, software and servers. It’s no surprise that these accounts are the ultimate targets for hackers.

No wonder these accounts are the ultimate targets of hackers.

Cent Malfroid, Business Development Manager Arrow Electronics

Unfortunately, for many organizations, the username and password combination is still the most important part of their identity-based security strategy. This poses a serious threat as users often choose a weak password that can be quickly guessed in automated, brazen attacks. They also reuse this password multiple times and share it or store it in easily accessible, unencrypted files. Because these bad practices often impact privileged accounts, hackers only need to crack a standard user account to quickly gain access to a system.

Attackers typically first attempt to break into an employee’s desktop or laptop using techniques such as phishing. Once they do this, they can bypass the company’s basic security and start poking around, looking for access to more privileged accounts. Hacking a privileged account is usually enough to gain access to the entire treasure trove of information. There they can read and edit sensitive data and even change protocols to cover their tracks. They then remain unnoticed in the system for weeks or even months.

According to the IBM 2022 Cost of a Data Breach Report, stolen or compromised credentials are not only the most common attack vector for a data breach, but also the most expensive and the one that takes the longest to identify. Companies cannot afford to continue relying on traditional security methods. There is a need for a new approach to protecting digital assets. A robust security strategy with privileged access management that limits cyber risks and ensures business continuity.

Responsibility of every company

Many companies will certainly have to deal with PAM in the next few years. Ultimately, the concept has been incorporated into the new NIS2 standard that will soon come into force. However, compliance should by no means be the primary reason an organization focuses on it. In order to introduce new technologies with confidence and enable the company to adapt quickly, it is important to manage privileged accounts securely and in a future-proof manner. In fact, just as in the context of sustainability, it is the duty of companies to work on it.

With most organizations now managing massive amounts of data, we need to approach security more thoughtfully. Especially when it comes to sensitive data, it is the responsibility of companies to protect individuals and society in general as best as possible. And PAM is an essential building block for this. Technology can help with this, but more than that, PAM must be a philosophy and companies must implement strong policies around PAM.

However, adopting a mature PAM policy does not happen overnight. In this article you can read what it takes to develop a strong Privileged Access Management framework.

This article is contributed by Vincent Malfroid, Business Development Manager at Arrow Electronics. Discover how Arrow and Delinea software helps you implement an effective PAM policy here.