5 November 2015

The year of the weekly data breach

Andy Harris

Data breaches have fast become the scourge of modern enterprise. The bad news is that the cybercriminals behind such attacks are constantly adapting to make attacks more targeted and effective with each new campaign. All the news of late has been focused on an incident at TalkTalk which showed that teenagers were able to get very close to sensitive customer information. But perhaps of more concern is a report in the Financial Times claiming that the digital identities of tens of thousands of Britons are currently available for sale on the darknet, including thousands stolen from government databases.

We can’t say for certain how exactly they were obtained, but we can absolutely assume that in many cases the victim’s organisation was breached because they failed to adequately secure privileged accounts. Installing Privileged User Management technology should be on the to-do list of all CISOs given the volatility of today’s threat landscape.

An obvious target

Privileged accounts are the focus of more and more targeted attacks because, if compromised, they can open a barn door through which hackers can reach an organisation’s most sensitive data. IT admin accounts not only have access to every part of your organisation but typically are subject to less scrutiny, so by compromising one, attackers can mask unusual behaviour like large file downloads.

Think your IT department is savvy enough to spot an attempted spear phishing attack on one of its accounts? Think again. Attackers will do their research to ensure email lures are incredibly convincing. It’s a process made easier by virtue of the fact that sysadmins’ password management can be as bad as that of a regular computer user. Weak, reused and shared credentials are not an uncommon sight. There can be a complacency in the IT department which also makes them vulnerable to wily attackers.

Although TalkTalk has yet to explain exactly how those behind the attack on its systems managed it, the latest data breach is a classic example of what can happen if you don’t pay enough heed to security. Twice before 2015 the firm was breached, with all the attendant costs of investigation, remediation and clean-up, potential industry fines, and impact on shareholder and customer perception of the brand.

Yet it’s happened again. And although the ISP has clawed back some share points, its reputation among consumers has undoubtedly suffered because of its refusal to waive a punitive leaving fee for all of those wanting out. It should serve as a cautionary tale for what can happen following a serious data breach.

Locking down risk

Whilst locking down IT risk involves more than addressing privileged accounts, securing those accounts is a great first step to improving security. Osirium PAM automates the process of password management, creating long, random passwords which are impossible to crack in a single refresh cycle. Most importantly, these credentials are stored and managed by us, meaning they can’t be socially engineered from an IT admin or by an experienced hacker.

If you’d like to find out more about Osirium PAM, get in touch.
