Comply or Die: Learn How to Avoid Failed Audits
•
0 likes•214 views
Thycotic recently surveyed more than 500 organizations worldwide revealing several major risk and compliance gaps in securing privileged access: • 70% would fail an access control audit • 73% of organizations fail to require multi-factor authentication Protecting access to privileged credentials is becoming a must-have cybersecurity and compliance requirement. Learn how to: • Review the alarming survey results of the 2018 Global State of Privileged Access Management Risk and Compliance Report • Walk through examples of why organizations are falling short on privileged access management and how to solve them • See how you can develop a Privilege Access Management lifecycle security program to protect privileged credentials and meet compliance requirements
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Comply or Die: Learn How to Avoid Failed Audits
Similar to Comply or Die: Learn How to Avoid Failed Audits (20)
Recently uploaded
Recently uploaded (20)
Comply or Die: Learn How to Avoid Failed Audits
- 1. Learn How To Avoid Failed Audits
- 2. T H I R D G R E A T E S T I M P A C T / T H R E A T Cyberattacks
- 4. Accessing privileged accounts was the number one choice for the easiest and fastest way to get at sensitive data 32% OF HACKERS SAY
- 6. Compliance Standards ISO ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC) NIST The National Institute of Standards and Technology (NIST) is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce The Payment Card Industry Data Security Standard (PCI-DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes PCI
- 7. Compliance Standards CIS CSC The Center for Internet Security Critical Security Controls for Effective Cyber Defense is a publication of best practices guidelines for computer security The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU) EU GDPR
- 8. Privileged Accounts • Also Non-human accounts • Local administrator & Groups • Unix ROOT • Service accounts • Domain administrator • CISCO Enable • Application Accounts • Batch job/scheduled tasks/chron jobs Admin Int. User
- 9. “How to comply” “New Compliance Rules” “Law Changes” “Companies Must Act”
- 13. 2018 Privileged Access Management RISK & COMPLIANCE REPORT Are you ready for the shocking results?!
- 14. WHY THIS REPORT IS A MUST READ: URGENT CHALLENGES Protecting access to privileged credentials - the preferred target of cybercriminals and malicious insiders – is rapidly evolving as a must have compliance requirement. DISTURBING SURVEY RESULTS While more than 60% of organizations must satisfy regulatory compliance requirements around privilege credential access, a staggering 70% would Fail an Access Controls audit! LIKELY CONSEQUENCES Millions of dollars in regulatory fines, business operations at higher risk of severe compromise or even shutdown. RECOMMENDED ACTIONS Develop a Privilege Access Management lifecycle security program to secure access and meet compliance mandates. Privilege Access Management is not a simple checkbox but an important continuous process.
- 15. THE FINDINGS First, the Bad News Most companies would FAIL an Access Controls AUDIT and many are not even close to scrapping a pass 64 of Companies Would FAIL %
- 16. 6 In 10 Organizations Say They Must Demonstrate Compliance & Auditing Of Privileged Accounts
- 18. COMPLY OR DIE: The Privileged Access Management (PAM) Security Imperative Most organizations only begin to implement Privileged Access Management after a failed audit or major cybersecurity attack that can cost millions of dollars and cause reputational damage.
- 19. FAIL to include privileged accounts and passwords in Access Control Policies 64%
- 20. Access to even one privileged account enables an attacker to perform malicious activity Fail at changing default vendor supplied passwords 59%
- 21. Fail to audit and remove test or modify default accounts before moving applications to production 73%
- 22. FAIL to use a dedicated system for all administrative tasks 78%
- 23. Fail to require multi-factor authentication with privileged accounts 73%
- 24. Fail to fully discover privileged accounts - and 40% do nothing at all to discover these accounts 70%
- 25. KEY COMPLIANCE TAKEAWAYS 1. Policies covering Privileged Accounts. 2. Educate Employees who use Privileged Accounts on Accountability and Acceptable use. 3. Implementing Multi-Factor Authentication for emails and all sensitive privileged accounts. 4. Audit All Privileged Account Usage. 5. Incident Response for Privileged Account Compromise.