Phishing and ransomware attacks continue to become more and more common, targeting healthcare in particular. A common tactic has been to specifically attack organisations’ backups – the ability to restore from a clean backup is key to recovering from a ransomware attack without paying the ransom. Sadly, when attackers are able to encrypt backup volumes as well as live data, their victims are left with few, if any options.
Privileged Access Management (PAM) is key to protecting backup admins, and as such, in tandem with policy and process adjustment, cuts ransomware risks to backup volumes. Using PAM in this way can also prove surprisingly cost effective.
A Holistic Approach
PAM is more than just software. It’s a holistic approach, covering people and processes as well as technology, the three working together to reduce risk and enhance security for everyone, from the boardroom to the shop floor, including those outside the business, such as contractors, without impacting productivity.
Thycotic, the leader in cloud PAM, talks of “Advanced PAM” to describe a fully developed PAM strategy which is proactive, treated as a top cyber-security priority, and ongoing, in the sense that privileged security practices are constantly under review and subject to improvement.
Let’s take a look at those three key facets of effective PAM – people, processes and technology.
People
Effective PAM demands the successful engagement of all key stakeholders, aligning people and technology to work effectively together. Your stakeholders will come from diverse departments across your organisation – lines of business as well as IT and senior management.
Typically, the larger your organisation, the more complex this process will be, with PAM responsibility shared across various teams, reporting through the CIO or CISO to the board. Misunderstandings and friction between players can be problematic, so effective collaboration and full transparency are essential, along with a clear understanding, across the board, of shared PAM goals.
It’s also important to remember that PAM measures can directly affect users’ day-to-day routines. Effective communication and training are key to avoid alienation and irritation.
Processes
Thycotic proposes a lifecycle approach to PAM. This provides a framework to help businesses manage PAM in a continuous, ongoing fashion, rather than considering it as a single, one-off project.
The key stages in the lifecycle are as follows:
1) Define which accounts you will consider as having privileged access, and the governance policies which will apply to them.
2) Discover every privileged account in your business, defining policies for service account governance. Automated ongoing discovery should be set up, with reviews at least once a week.
3) Manage and control privileged account access and session activity with automated controls.
4) Monitor and record activity in privileged accounts, to help enforce appropriate behaviours and reduce error rates. This will also help with investigation in the event of a breach.
5) Detect potential user abuse and account compromises with PAM behavioural analytics, contrasting unusual activity against normal behaviour for each user.
6) Respond effectively to any breach, remediating any damage done as well as restoring security.
7) Review and audit continuously, using automated reports to observe how privileged accounts are being used, identify the causes of security incidents and demonstrate compliance.
Technology
The third key component of effective PAM is technology to deliver the PAM solutions that will best fit your needs. It is important to select the right technologies to automate the control of privileged accounts across your business.
Different security technology controls come into play for each of the various stages of the PAM lifecycle. With the right technology in place you can build a robust foundation for PAM, scalable as your PAM programme matures and your business grows.
Next Steps
Ready to take proactive steps in securing your organisation’s privileged accounts and enhancing your cyber security posture? Explore MTI’s comprehensive Cyber Security Managed Services today. Our expert team can help you implement robust Privileged Access Management solutions tailored to your organisation’s needs, ensuring protection against cyber threats and compliance with industry regulations.
Contact us now to schedule a consultation and safeguard your organisation’s critical assets.