CIO OPINION
CIO opinion
“
WHEN PATCH
REMEDIATION OCCURS,
THE ASSET MAY STILL BE A
HIGH RISK IF PRIVILEGED
ACCESS IS NOT MANAGED.
/////////////////
Morey J Haber, Vice President of Technology, BeyondTrust
A penny wise and a
password foolish
Cyberattacks are becoming
increasingly common and
preparing for them correctly is
essential for businesses. Morey
J Haber from BeyondTrust
believes investing in data
protection will be worth the
cost in the long run, rather than
risking data breaches with only
password protection in place.
H
ow much money would you spend to secure your passwords
from being stolen? If you actually could safeguard all your
passwords, would you worry as much about a privileged
breach? I think the majority of executives and security professionals
would ante up a reasonable sum to make this a reality, but that’s
not what this article is about. It is about the damage a compromised
privileged account could cost an organisation from a momentary
perspective and a reputation perspective.
If you need proof of this, consider the recent breaches at Equifax, Yahoo
and even Duke Energy. Each one of these affected the company’s stock,
executive bonuses, acquisition terms and even the ability to do basic
business like accepting payments in due terms.
A compromised privileged password does have a monetary value on the
Dark Web for a threat actor to purchase but also has a price that can be
associated to an organisation in terms of risk. What is the value and risk
if that password is exposed and the contents it protects exposed to the
wild? A database of personally identifiable information is quite valuable
and blueprints or trade secrets have even a higher value if sold to the
right buyer (or government).
My point is simple: privileged accounts have a value (some a very
high value) and the problem is not always securing them but rather
identifying where they exist in the first place. Would you spend a penny,
www.intelligentcio.com
INTELLIGENTCIO
51