Connect with us

News

BEYONDTRUST 2019 PRIVILEGED ACCESS THREAT REPORT FINDS 64% OF BUSINESSES HAVE SUFFERED AN INSIDER BREACH

  • BeyondTrust’s annual Privileged Access Threat Report highlights that greater privileged access visibility and improved integrations are vital to tackling the modern threat landscape
  • 90% of respondents with fully integrated PAM tools are confident they can identify specific threats from employees with privileged access

BeyondTrust, the worldwide leader in Privileged Access Management, has released the 2019 Privileged Access Threat Report. In its fourth edition, the global survey explores the visibility, control, and management that IT organizations across the globe—including the United Arab Emirates (UAE) and Saudi Arabia―have over employees, contractors, and third-party vendors with privileged access to their IT networks. According to the report, 64% believe they’ve likely had either a direct or indirect breach due to misused or abused employee access in the last 12 months, and 62% believe they’ve had a breach due to compromised vendor access.

Poor security hygiene by employees continues to be a challenge for most organizations. Writing down passwords, for example, was cited as a problem by 60% of organizations, while colleagues telling each other passwords was also an issue for 58% of organizations, a steady increase from 2018’s statistics. The report also highlighted regional differences, with only 28% of Middle East businesses expressing worries about employees downloading data onto a memory stick, while 42% see this as an issue in APAC. Ultimately, 71% of organizations agree that they would be more secure if they restricted employee device access. However, this isn’t usually realistic, let alone conducive to productivity.

Morey Haber, CTO & CISO, BeyondTrust

“Both internal employees and third-party vendors need privileged access to be able to do their jobs effectively, but need this access granted in a way that doesn’t compromise security or impede productivity,” commented Morey Haber, CTO & CISO of BeyondTrust. “In the face of growing threats, there has never been a greater need to implement organization-wide strategies and solutions to manage and control privileged access in a way that fits the needs of the user.”

The businesses surveyed reported an average of 182 vendors logging in to their systems every week. At organizations with 5,000+ employees, 23% say they have more than 500 vendors logging in regularly, highlighting the sheer scope of the risk exposure. This year’s report uncovered that trust in vendor access is now lower than trust in employee access, with only one in four (25%) saying they completely trust vendors, in comparison to 37% of employees. This is a stark comparison to last year’s report, where 72% of businesses admitted that they have cultures that are too trusting of third parties. In an age where data breaches have immense financial and reputational implications for businesses, it’s a positive step that these organizations are now assessing the level of trust they place in their third-party vendors.

The report also delves into the threats posed by emerging technologies. The risks associated with the Internet of Things (IoT) posed a big concern for the professionals surveyed, with the visibility of logins from IoT devices revealed as the most pressing issue. Three quarters (76%) are confident they know how many IoT devices are accessing their systems, while four in five are confident they know how many individual logins can be attributed to these devices. At the same time, 57% of security decision makers perceive at least a moderate risk from Bring Your Own Device (BYOD) policies.

The report did show that some organizations are managing these risks with a Privileged Access Management (PAM) solution. From the research, these same organizations experience less severe security breaches and have better visibility and control than those who use manual solutions or no solution at all. In fact, 90% of those with fully integrated PAM tools are confident they can identify specific threats from employees with privileged access.

“As the vendor ecosystem grows, the threat landscape evolves and users should be granted specific role-based privileges. Organizations need to accept that the way to mitigate risks is by managing privileged accounts through integrated technology and automated processes that not only save time, but also provide visibility across the environment,” Haber added. “By implementing cybersecurity policies and solutions that also speed business efficiency, versus putting roadblocks in users’ way, organizations can begin to seriously tackle the privileged access problem.”

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

News

AWS AND HSBC REACH LONG-TERM STRATEGIC CLOUD AGREEMENT

One of the world’s largest financial services organizations collaborates with AWS to deliver new products, enhance customer experiences, and drive digital transformation

Today, Amazon Web Services (AWS), an Amazon.com company, announced that HSBC Holdings plc has selected AWS as a key, long-term strategic cloud provider to drive their digital transformation and deliver new and personalised banking services. As part of a multi-year, global agreement, HSBC will make AWS technology available across the bank’s lines of business, starting with customer-facing applications and application modernisation in its Global Wealth & Personal Banking business.

Migrating to AWS will enable HSBC to drive innovation, automate key processes, and enhance operational efficiency across a range of personal financial services. AWS’s global infrastructure will enable HSBC to run and scale applications around the world with the highest availability and reliability. HSBC will use AWS’s extensive portfolio of cloud services, including compute, containers, storage, database, analytics, machine learning, and security, to develop new digital products and support security and compliance standards for millions of personal banking customers worldwide. For example, HSBC plans to use AWS serverless and analytics services, including Amazon Kinesis, to create a more personalised and customer-centric banking experience.

“Our work with AWS is an example of how HSBC continues to invest in secure and advanced technologies to make our digital banking experience even better for customers,” said Dinesh Keswani, Chief Technology Officer and CIO for Digital, HSBC. “Our ambition is to make it easy, safe, and reliable for customers to bank with us, whenever and wherever they are. HSBC’s collaboration with AWS helps us to deliver innovative banking solutions to customers at a faster rate, starting with our Wealth & Personal Banking business.”

“HSBC is continuing to expand its use of AWS to power its digital transformation and deliver innovative financial services that help customers manage, protect, and grow their wealth in new and more personalised ways,” said Frank Fallon, Vice President, Financial Services at AWS. “We look forward to our continued collaboration with HSBC as they leverage AWS’s proven capabilities, reliability, and security to drive efficiency across their business and become a more agile organisation in the cloud.”

 

Continue Reading

News

THE INVESTMENT IMPLICATIONS OF CLIMATE RISK – AN INVESTMENT MAN-AGER’S VIEW

In the final release of its three part series on climate risk, leading independent fixed income manager, Cameron Hume, looks at how attitudes to climate risk can be factored into long term investment decisions and whether those investment decisions can be used to drive the direction of travel with a global response to climate risk.

 

It is widely accepted that greenhouse gas (GHG) emissions must be decreased in order to avoid a potentially catastrophic increase in global temperature.

 

If we also accept that a global response is required to achieve a global reduction in GHGs, but that countries will act according to their own discretion, then the next piece of information we have is the recognition that companies will face different regulatory and legal regimes depending on which part of the world they operate in.

 

It is a complicated set of factors to consider and it can be tempting to put off any decision making. However, the Financial Stability Board has made it clear that action is required now.

 

The 2017 report by the Taskforce of Climate Related Financial Disclosures (TCFD), stated: “The large-scale and long-term nature of the problem makes it uniquely challenging, especially in the context of economic decision making. Accordingly, many organizations incorrectly perceive the implications of climate change to be long term and, therefore, not necessarily relevant to decisions made today.”

 

In a bid to help navigate the difficult process of taking on appropriate exposure to climate risk, the TCFD recommends the implementation of tried and tested methods that financial market participants are already familiar with. Improving disclosure is a key input to supporting better management of climate risk. The TCFD recommend considering climate risk in a framework consisting of Governance, Strategy, Risk Management and Metrics & Targets.

 

For Cameron Hume, Governance means that there is an agreed investment policy that all stakeholders are in agreement with. Strategy should therefore support development of policy and systems which incorporate informed Risk Management. Metrics & Targets must be built into portfolio measures, client reporting and disclosures to bodies such as the PRI.

 

The Cameron Hume Global Fixed Income ESG Fund, launched in 2018, follows the TCFD methodology while selecting issuers judged to manage their ESG risks better than their peers.

 

Chief Investment Officer, Guy Cameron, explains: “In Cameron Hume’s view, a key indicator of an issuer’s sustainability is the quality of its governance and risk management framework, which we know must take into account climate risk.

 

“A company that already has low emissions will be more likely to maintain low emissions in the future than a company with a stated aim of lower emissions but a bad track record of delivering on promises. Even those who reliably commit to a transition plan require access to significant funds, technology or personnel to make such a major shift in operations.

 

“Similarly, as many governments introduce legislation to reduce GHG emissions, inability to achieve the legally mandated targets may weigh on companies even as they transition.

 

“As the likelihood of governments imposing tough targets on emissions differs from country to country, we believe the best way to manage risk is to invest in the companies with the lowest current net emissions, accounting for gross emissions and mitigating factors. Such issuers will likely have the governance framework, risk management capability and strategy in place to allow them to embrace any new rules effectively.

 

“For these reasons, the Cameron Hume Global Fixed Income ESG Fund favours companies with lower net emissions currently, rather than those requiring significant changes.”

 

Continue Reading

Magazine

Partner Events

Trending

News12 mins ago

AWS AND HSBC REACH LONG-TERM STRATEGIC CLOUD AGREEMENT

One of the world’s largest financial services organizations collaborates with AWS to deliver new products, enhance customer experiences, and drive...

Technology46 mins ago

ARTIFICIAL INTELLIGENCE AND WORKFORCE: PROSPECTS AND PREDICTIONS

Back in the day, Artificial Intelligence (AI) was just a pipe dream that people could only see in The Back...

Business5 hours ago

HOW TO FIX A PROBLEM LIKE WIRECARD IN 60 HOURS

By Shachar Bialick, Founder and CEO Curve   On Friday 26 June, the Financial Conduct Authority suspended its permission for Wirecard...

News7 hours ago

THE INVESTMENT IMPLICATIONS OF CLIMATE RISK – AN INVESTMENT MAN-AGER’S VIEW

In the final release of its three part series on climate risk, leading independent fixed income manager, Cameron Hume, looks at how attitudes to climate risk...

News7 hours ago

AURIGA, PROVIDER OF NEXT-GEN BANKING TECHNOLOGY, OPENS ITS FIRST OFFICES IN SPAIN AND MEXICO

Specialising in omnichannel banking and cybersecurity, the Italian company continues its international expansion with two new offices in Madrid and...

Interviews7 hours ago

HOW NEW TECH START-UP IS SHAKING UP THE IT CONTRACT MARKET

Neil How, CEO and Co-founder, ten80   1. What is ten80? ten80 enables cost savings on SAP/software projects by an...

Traditional Banks Traditional Banks
News7 hours ago

HOW CAN LENDERS LEVERAGE OPEN BANKING DATA TO TACKLE COVID-19 PANDEMIC CHALLENGES

Will Hurst, Head of Commercial Development at Monevo, looks at how lenders are trying to leverage Open Banking data and...

Business7 hours ago

A CATALYST FOR CUSTOMER SATISFACTION AND GROWTH IN THE FINANCIAL SERVICES SECTOR

Peter Walker, EMEA CTO, Blue Prism   The financial services sector has undergone a period of rapid innovation over the...

Top 105 days ago

WHY INDONESIA IS THE WORLD’S NEXT DIGITAL PAYMENTS BATTLEGROUND

Kelvin Phua, Global Head of Payment Networks at PPRO   The COVID-19 outbreak has seen the e-commerce sector surge. Despite...

Business5 days ago

HELPING SMES ACCESS FINANCE IN EXTRAORDINARY TIMES

Tim Vine, Head of Credit Intelligence at Dun & Bradstreet   The closed doors of businesses have become a sadly...

Business5 days ago

DO MESSAGING APPS PUT THE FINANCIAL SERVICES INDUSTRY AT RISK?

Ashley Friedlein, founder and CEO, Guild   Accelerated by the coronavirus pandemic, the use of messaging apps for professional communications...

Business6 days ago

HOW PREVENTING AND MITIGATING FRAUD CAN IMPACT YOUR CUSTOMER RELATIONS

Matt Mascherin, Solutions Engineer, Enterprise Sales Americas, Syniverse   Texting has become a staple of modern life and is so...

Finance6 days ago

2020: THE YEAR OPERATIONAL RESILIENCE AND CYBER-RISK TAKE CENTRE STAGE IN FINANCIAL SERVICES

Miles Tappin, VP of EMEA for ThreatConnect, explores how financial providers can build a cyber security strategy that enables operational...

Wealth Management6 days ago

HOW RESILIENT IS YOUR ORGANISATION’S SECURITY?

Kimon Nicolaides, Digital Services Group Head at MASS   Organisational security can be thought of like peeling the layers of...

News7 days ago

INTERNATIONAL BANKING NETWORK EXPANDS AS IT WELCOMES STANDARD CHARTERED BANK

IBOS Association (IBOS), an international banking network, is delighted to announce its newest member to the group, Standard Chartered Bank....

Wealth Management7 days ago

HOW TO CATCH UP ON YOUR RETIREMENT SAVINGS

By Gerard Visser, Certified Financial Planner at Alexander Forbes For many South Africans who were already finding it difficult to save...

Technology1 week ago

ARTIFICIAL INTELLIGENCE AND FUTURE OF TECHNOLOGY

Ashish Jain, CEO, Future FX   Artificial Intelligence refers to machine intelligence that is programmed to think like humans and...

Finance1 week ago

GROWTH OF FINANCIAL MARKETS AND TECHNOLOGY

Ashish Jain,CEO, Future FX   The economic development of any nation completely depends on its financial structure both in long...

Banking1 week ago

NO SAFE HARBOUR FOR DIGITAL BANKING

by Konstantin Bodragin, Business Analyst and Digital Marketing Officer at Bruc Bond   At the beginning of 2020, the future...

Business1 week ago

CAN TECHNICAL INNOVATION HELP FINANCIAL SERVICES FIGHT BACK AGAINST FINANCIAL CRIME?

By Charlie Roberts, Head of Business Development, UK, Ireland & EU at IDnow   It’s no secret that the financial...

Trending