Three Trends for 2021: Time to Improve Your IT Security Score
By: Orhan Yildirim
Heading into 2021, IT teams are preparing plans and budgets, and part of their rationale for investing in a more comprehensive cybersecurity posture is what their IT Security Score looks like, in the context of increasingly sophisticated threats.
Many organizations have methodologies and technologies enabling enterprises to assess how secure their systems and assets truly are, and everyone emphasizes the importance of Privileged Access Management (PAM).
As IT professionals, including CISOs, regroup after a devastating year (global pandemic, weakening economy), here are three trends that further reinforce the need to ensure networks, data, and applications are fully protected.
Trend One: Continued reliance on third parties & ecosystems
Leveraging an ecosystem of third parties to conduct business is not new. In fact, this has been around for nearly two decades, but the nature and security of those relationships are evolving. We are only as secure as our weakest link, and as we continue to share sensitive data with consultants, contractors, vendors, suppliers, and analytics applications, it is critical that enterprises do so with a clear understanding of their risk.
Third-party cyber risk is one of the fastest-growing security risks. An independent market research company, on behalf of BlueVoyant, surveyed over 1500 CISOs, CIOs, and Chief Procurement Officers from the USA, UK, Singapore, Switzerland, and Mexico to gain insights into how they are managing cyber risk within their supply chain. It found that 77% have limited visibility into their third-party vendors, that the average number of breaches experienced in the past 12 months is 2.7, and that 80% have suffered a third-party related breach in the past 12 months.
Trend Two: Increased regulatory scrutiny around third-party relationships
The European General Data Protection Regulation (GDPR) has been in place for a few years now and continues to carry steep penalties for non-compliance. Under GDPR, and an increasing number of similar regulations, including in the U.S., companies are responsible for the security of citizen data, even if that company outsources its processing to third parties. In New York, the Department of Financial Services is requiring banks to comply with additional obligations under the NY Cybersecurity Regulation, including: implementation of a formal, written Cybersecurity Program and Cybersecurity Policy; limitations/restrictions on access privileges to information systems that provide access to nonpublic information; utilization of qualified cybersecurity personnel (internally or through qualified third-party providers); the designation of a new chief information security officer; and development of a written Incident Response Plan. Covered Entities must file their first annual certification of compliance with the Cybersecurity Regulations.
Trend Three: Cloud-based ecosystems are scaling, so the attack surface is getting worse when it comes to third-party integrations and APIs
Not only do applications need to scale with the ongoing growth of “Everything as a Service” (XaaS), but the ways IT professionals assess their security ratings and protect their assets must also scale. This is essential for organizations that must stay ahead of the constantly evolving threat landscape. Static assessment solutions and traditional PAM technologies cannot scale with the growing number of third-party relationships, the ongoing mitigation efforts they require, and the constantly changing threat levels.
Ironsphere’s modern approach to PAM is cloud-native, while also performing consistently when our solutions are deployed on-premises. Ironsphere’s PAM solutions can dramatically improve the IT team’s ability to administer and manage privileged accounts.
Instead of limiting the use of specific remote access applications, Ironsphere’s platform allows users to continue using their favorite apps, such as MSTSC, SecureCRT, Toad, or FileZilla from their own computers, without having to adjust their daily routines.
Single source of truth
Most solutions create an internal shadow copy of users and assets and attempt to keep it in sync with the enterprise directory services and asset inventory applications. Ironsphere’s solution continuously discovers asset and user updates directly from the enterprise’s applications, thereby eliminating synchronization errors.
Most solutions display all the system and infrastructure information to users, sometimes storing it on the user’s computer. Ironsphere selectively displays the information that the users are authorized to access and does not store any enterprise infrastructure data on the user’s computer.
Widest support range for protocols
Ironsphere not only manages who can access which system, and under what restrictions, but also tracks in-session activities and stops attacks and misuse, including in DB and web sessions.
We would be happy to demonstrate our platform for you and illustrate the dramatic improvements possible with our market-leading offering.
We have all found ourselves in a different world of work given the events that have defined 2020, and few professionals are feeling the pressure more than IT and OT teams.
Just as cyber risks evolve, the evolution of risk appetite frameworks is more active than ever. With more sophisticated adversaries, more digital transformation initiatives, more mobile workers, ecosystem partnerships, and connectivity to multiple clouds and services, enlightened management teams and their boards are updating their levels of “risk tolerance.”
Two-factor authentication has been around for decades – requiring an additional step after entering a username and password, for example entering a one-time security code sent to a mobile device – before access to applications, systems, and data is granted.