74% of Data Breaches Start With Privileged Credential Abuse

Posted on

Apr 13th, 2019



Share on

How threatened are businesses when they fail to implement and prioritize Privileged Access Management? Very threatened.

In fact, companies are losing billions of dollars annually due to the many repercussions they experience from data breaches and the process of trying to recover from them.

The Facts and Figures Behind Data Breaches

According to Centrify, privileged data abuse is the leading cause of data breaches in corporations. This insight comes from a survey it conducted among 1,000 IT executives in the US and the UK. The results were contained in a new report which highlights that “74% of breaches involved access to a privileged account.”

That figure also correlates quite well with the findings from the Verizon 2017 Data Breach Investigation Report.

It found that a massive 81% of breaches were directly related to passwords which were either stolen, weak, or simply default passwords which organizations failed to change to more secure ones.

It is important for companies to realize that breaches are not only outside threats, very often they occur from within the organization.

The Cost of Data Breaches

Data privacy and data protection go hand-in-hand. Data privacy is currently a global hot button issue with most organizations ensuring they are compliant with new laws and regulations.

Many organizations, however, must also face the less publicized but very real threats which lax data protection policies pose. Perhaps the most obvious of those threats is the amount of money companies stand to lose from each breach.

The IBM-sponsored Cost of a Data Breach study reveals that not only are data breaches on the rise, but they are also becoming costlier. Interestingly, breaches based in the US tend to have the highest cost, racking up a bill of nearly $8 million for the organization involved.

IBM breaks that figure down to $148 per “lost or stolen record containing sensitive and confidential information.” The report can be downloaded here where you will also find an intriguing interactive data breach cost calculator.

The ramifications of data breaches involve much more than the obvious monetary losses. There is also the issue of the lack of trust which companies can face from current and prospective customers, as well as from investors and business associates. This demoralizing lack of trust can also settle among employees and affect their productivity.

You Must Secure Your Company’s Data – Here’s How to Do It

The key factor in securing an organization’s data is the implementation of Privileged Access Management (PAM) strategies, sometimes referred to as Privileged Account Management.

A privileged user is anyone who has administrative access to various critical systems within a company’s IT network. It is not just select employees who have privileged access. There are also vendors, automated users and contractors, to name a few.

These privileged users may have the authority to install software and to change or delete user accounts. Their status might also give them access to confidential or secure information.

It is very obvious to most persons that not everyone can or should have privileged access. Where most companies fall short, however, is in realizing that it is still vitally important to monitor and control the actions of those who do. This is where PAM comes in.

It gives you the ability to:

  • Minimize or eliminate malware attacks which often focus on gaining access to privileged accounts
  • Regulate which systems a particular privileged user account can access so as to prevent access to forbidden data
  • Ensure that IT administrators can quickly and easily access the accounts of privileged users when they need to
  • Provide (and easily terminate) privileged access to vendors and anyone else who only needs it on a temporary basis
  • Fulfill audit requirements by creating a secure audit trail of privileged account actions
  • Remain compliant with industry regulations

An effective PAM solution can mean the difference between spending millions of dollars recovering from a data breach and using that money to invest in your company’s growth.

Another effective way to make sure you don’t fall victim to a data breach is to properly dispose of all your IT hardware. This will prevent your sensitive data from accidentally ending up in the wrong hands.

If need help with your IT recycling, get in touch with us today to learn how we can help.  We would be more than happy to help you start safeguarding your company against the threats posed by privileged credential abuse.