October 4, 2019
Data breaches often conjure up images of crafty hackers weaving complicated codes to invade an organization’s network. But the vast majority of data breaches actually result from compromised log-in credentials within an organization’s privileged access management (PAM) system.
In other words, attackers have no need to hack into your system, because in many cases, they can use stolen, weak or otherwise at-risk credentials to sign into your network without raising an alarm.
Once inside, they can burglarize the organization’s confidential data without drawing notice for some time. Law firms are particularly tempting targets for attackers because they offer valuable personal information on multiple clients.
About 80 percent of data breaches involve abuse of privileged access, according to an estimate by Cambridge, Massachusetts-based Forrester Research. A survey last year of IT decision makers at 1,000 U.S. and U.K. organizations backed up that estimate. About 74 percent of respondents whose organizations had been breached said it involved access to a privileged account, according to the survey by Centrify Corp.
A single breach costs an organization $3.92 million on average, and the average cost increases each year, according to a study released in July by IBM Security. The cost climbed 12 percent over the past five years, due to enhanced regulation and the complicated process of resolving criminal attacks, per IBM Security.
The financial impact from a data breach can be particularly harsh for small to midsize companies. The study showed that businesses with fewer than 500 employees sustained losses of over $2.5 million on average. For a business earning $50 million or less in annual revenue, such a setback can be crippling, the report noted.
While companies allocate more and more money to cybersecurity, their spending may provide inadequate protection if they are not addressing privileged access security issues, such as the strength of credentials and who can enter sensitive databases and for what purpose.
Weak or otherwise compromised credentials are akin to giving a stranger a key to the front door of your home, and your privileged access management system is that door.
Making sure that your team has strong passwords, identity verification and varied levels of access to information based on need and responsibility can help secure your critical data assets.
A proactive approach to reinforcing these security checkpoints is to implement a threat prevention plan. By ordering a cyber-risk audit and a due diligence network audit, you can first evaluate and test your existing security system and protocols.
These audits, which are offered by companies such as Innovative Discovery, can identify vulnerabilities in your overall data management – especially at privileged access points. Once you identify security weaknesses, you can work with cybersecurity experts to personalize your privileged access management system, workflows and data storage to effectively and efficiently manage data and mitigate risk. It would also be sensible to find yourself a law firm that specializes in cyberlaw, just in case a data breach ever occurs.
Establishing effective policies, protocols and procedures (as part of a threat prevention plan) helps you to control who accesses your data, when and for what purpose, thwarting attackers from simply walking through your front door with the key to steal your valuable information.