In the digital age we are in, it is essential to protect all the data we have, whether it is our own data or from the users who provided it. No user without permission should have a chance to access sensitive information.

According to Trend Micro’s annual cybersecurity report – A Constant State of Flux -, in 2020, more than 1453 vulnerabilities were identified – that’s just the number of warnings published ⎼, 173 of which consisting of critical severity and 983 of high severity.

Vulnerabilities like these are an open door for cyberattacks to happen. But let’s better understand what they are and how privileged access management prevents cyberattacks.

What are cyberattacks?

Cyberattacks are basically attacks by hackers on a specific computer, system, or computer network.

The goals of an attack like this can vary widely: they range from stealing user data, making modifications to systems, or even bringing down an entire network.

This type of crime can be associated with the category of extortion, considering that it is quite common for hackers to charge an amount of money for the attack to stop, so that important information is not leaked or any other aspect that may be extremely important for the victim.

Perhaps it may seem like something that does not happen very often, given the apparent difficulty of invasion, but Brazil alone has suffered more than 8.4 billion cyberattack attempts in 2020. This shows us that it is essential to always be aware of our system’s flaws and gives us an idea of the size of the risk we are facing.

How do hackers manage to break into systems?

There are several ways to break into a system, and with each passing day, criminals invent new ways to do this. Among them, we can mention:

Ransomware

The term ransomware is a fusion of the terms ransom, which is exactly what it means, and malware, a term referring to malicious software.

It is basically malware that blocks a series of files or an entire system, from which a ransom is charged for their release. It is literally a virtual kidnapping.

Ransomware can gain access to the system in different ways: via email links, social media links, websites, or by installing apps. Once inside, the virus encrypts the data, preventing the user from gaining access.

Generally, the ransom is charged in cryptocurrencies such as bitcoin. This is due to the virtually zero chance of tracking it, making it almost impossible to identify the criminal.

Spyware

This is used as spy malware. It is quite difficult to detect as it works in the background.

It is widely used for stealing confidential information such as passwords, banking, credit card, or any other information that is useful for criminals.

They usually have access by downloading free files or programs from the Internet.

Keylogger

Malware like this has the function of recording everything that is being typed on a keyboard. It is a type of spyware, that is, they are occasionally used in so-called phishing attacks, those designed for identity theft.

A Keylogger can also be hardware, such as a USB cable or a flash drive.

DDoS Attack

Also known as distributed network attacks or distributed denial-of-service attacks. DDoS attacks work by making a large number of requests to an online service to exceed the system’s capacity, preventing it from functioning properly.

They usually do this intending to request an amount to stop the attack. For this to happen, the hacker uses a series of infected computers; the network that these computers are part of is called a zombie network.

What characterizes privileged access?

As its name suggests, users who have this type of access have privileged accounts to access sensitive administrative information. They can change passwords, view user data, modify settings, and perform other related actions.

In general, users like this have accounts with very complex passwords and, in many cases, these accounts are shared among several administrators. But that alone is not enough. It is necessary to closely monitor each credential, especially those that are common among several people.

How does privileged access management prevent cyberattacks?

Privileged Access Management (PAM) is here precisely to help organizations to implement control of privileged actions efficiently.

Users who have this type of access are constantly accessing critical organization resources. Monitoring who joins the system, when that person logs in, and also if they are performing the activities assigned to them is of utmost importance.

A PAM solution is used for this very purpose. Thus, one can guarantee the user is really the one with the authorization, not a hacker who got someone’s credential information.

The solution does this by forcing the person to request a just-in-time authorization, limiting the space they have to work with and also setting a sufficient time limit to perform the required task.

This way, there is no unnecessary exposure of information, ensuring greater security and exponentially reducing the loopholes for hackers to work.

A PAM system can go further and block the user if they are performing unauthorized tasks, which is great for reducing the chances of falling victim to a cyberattack.

It is important to mention that no solution is 100% effective, but the more barriers there are between people and data, the lower the risks.

As we have seen, hackers have a variety of ways to perform their activities. When we talk about users with privileged access, we are dealing with a huge risk for the organization. A hacker can simply steal someone’s authorized credential and use it to break into the administrative system.

A PAM system is essential to put another virtual barrier, reducing the number of loopholes and considerably reducing the vulnerability of a system.

senhasegura is a PAM solution that allows and helps you to secure and protect your data. You can request a demo and learn more about the quality of the service provided. Do not waste time and do not be one more person in the victim statistics!

We are already in the month of May, and you know what we celebrate on the first Thursday of this month, rigtht? That’s correct, it is World Password Day. Celebrated since 2013, this day reminds us of adequate cyber awareness and the importance of password protection in all environments, whether professional or personal. It is not for nothing that passwords are called digital identities.

Our life has been linked more and more to the online world. Not only in relation to work, but also to learning, fun – our and our children’s, even physical activity, and much has been accomplished in digital environments, especially considering the covid-19 pandemic. And in these new times, when a large number of people perform activities remotely from devices without the proper cyber protection mechanisms, it is important to redouble the care with passwords and other sensitive data. Thus, we explain the importance of passwords and their adequate protection for users and organizations in this article.

The combination of user and password has been used as a basic defense mechanism for computer systems since the beginning of their implementation, preventing unauthorized access to data stored on systems and devices. Despite the creation of authentication mechanisms without a password, such as biometrics or one-time passwords (OTP), the combination of user and password is still widely used to access systems and devices. This is because such combination is easy and inexpensive to implement.

In a digital transformation scenario, the multiplication of systems, devices, and their respective credentials is a perfect scenario for malicious attackers to collect passwords and, thus, access data improperly. After all, remembering a password is much easier than the dozens (or even hundreds) of services that require some kind of authentication. It is estimated that the number of passwords per user is between 70 and 100.

According to Cybersecurity Ventures, the world ended 2020 with 300 billion passwords to protect. And the trend shows this number will increase dramatically. Email accounts (personal and professional), banking services, corporate systems, devices, and applications are some examples that require authentication through passwords. And with the increase in the number of data leaks, it is easy to find compromised credentials on forums on the dark web being sold for pennies.

And yes, we know that it is not easy to manage so many passwords. Even the most tech-savvy can struggle to manage and protect credentials in so many different environments. In times of personal data protection legislation, such as LGPD and GDPR, ensuring the protection of such data has become more than a security requirement – it is a business must.

Despite all the risks associated with their use, many users and companies use passwords that are easy to guess, such as numbers or sequential letters (123456 or abcdef). SolarWinds itself, the victim of a serious attack on its supply chain, was using the password solarwinds123 in its infrastructure. Certainly, your email password or mine is stronger than the one used by this American technology company.

So, on this World Password Day, here are some tips that should be considered by users to keep their data protected:

1. Use long and complex passwords. This prevents hackers from using techniques to guess them. However, just using complex passwords may not be enough to protect them from hackers.
2. Many devices are configured with default passwords. Change them immediately.
3. Avoid reusing your passwords on different accounts. Also, constantly check if you have already been the victim of a data leak through senhasegura Hunter. If so, change your passwords immediately.
4. Configure your passwords to be changed frequently. The ideal is at least every 3 months.
5. Do not write down, store in an easily accessible place, or share your passwords with others, thus avoiding unauthorized access.
6. Consider password management solutions, or even privileged access management (PAM), to manage the use of systems and devices.
7. Use Multiple-Factor Authentication (MFA) mechanisms to add a layer of security to your accounts.
8. Set up means of retrieving access, such as including phone numbers or emails.

Passwords are one of the oldest security mechanisms in the computing world and are also one of the main attackvectors by hackers. And in the “new normal” era, with increasing threats resulting from the covid-19 pandemic, it is vital that users be alert and properly protect their digital identities. In this way, we can avoid cyberattacks that can cause considerable damage not only to people, but also to companies. And on this World Password Day, remember: security starts with you!

Undoubtedly, we are in the moment where the most precious asset is information. In addition to being much more dynamic, how information flows through the company must always be made with the security of sensitive data in mind.

First, you need to understand that if your company does not invest in security yet, it is taking serious risks. To give you an idea, there were about 30 billion records compromised by criminal actions in 2020 alone.

Moreover, companies have started to look for security areas to prevent attacks. Last year, about US $ 53 billion more was invested in cybersecurity, according to Canalys’s data.

Thus, it is necessary to pay more attention to the security of sensitive data, since attacks are more and more frequent. With that in mind, check out 7 signs that your company needs to improve the security of sensitive data!

#1. Systems Are Out of Date

Applications and software, in particular, always need to be updated to maintain security. Over time, malicious people study software and develop threats to their data.

This concerns all applications or programs in the company. Does the application developed for customers stay updated? Is the computer software up to date?

Besides, if your company does not provide maintenance to software and machines, the situation may be even worse. When a program fails, it is quickly exploited by potential attackers.

Thus, to improve the security of your data, it is essential to keep programs and machines up to date. Older programs are a loophole for possible invasions.

#2. Your Company Spends a Lot on Repairs

Some equipment simply does not meet current security requirements anymore. Not only that, but they also lack the capacity to maintain the functionality that is needed.

For this reason, outdated hardware tends to have many flaws, and your organization needs to replace them. What usually happens is that repairs do not solve the problem.

Quite the opposite: they generate more expenses and make a company even less secure. So, if you notice a lot of old equipment or high repair costs, it is time to improve security to solve this problem once and for all.

#3. Backups Are Rare and Information has Already Been Lost Because of That

There is no use waiting for the worst to happen. To keep your data protected, periodic backup is critical. When performing this procedure with less frequency, the company is automatically in the hands of luck in cases of invasions.

In addition to being prepared to prevent this type of loss, you should be aware that a backup is a great option. It is also important to invest in good tools that keep data saved in secure places.

Without a secure storage location for your data, it will only be stored on the equipment. Thus, the chance of a leak is much greater and you will lose all the information at once.

#4. The Company has No Control Over Privileged Accounts

In a company, privileged accounts are those that have access to the organization’s sensitive data. Therefore, they are accounts that can, for example, disable security systems and access any information on those systems.

So, it is important to always know who is viewing and accessing this information. Even within a company, there may be people with negative intentions, leaking this sensitive data to the web or elsewhere.

So, if you have no idea who accesses this type of account, your company’s data security is at serious risk. You can check out ways to maintain control over this type of access here.

Do not forget to fill out the form below to receive a demo of our protection services!

#5. Your Employees Access Unverified Websites

It is important to invest in access restrictions for company employees on the web. Whether intentionally or not, someone may end up downloading malware that damages and disrupts the company’s security.

Also, several websites are exclusively known for offering hacking services and making cyberattacks. In this way, it is interesting to invest in restriction settings that prevent access to this type of website.

#6. Security Passwords for Sensitive Data Are Not Administered

It is very common that when entering passwords for certain accesses, some people use very simple templates. Besides, always choosing the same password for all company accesses can be very dangerous.

This is because invasions can often occur on behalf of the employees themselves. So, the use of the same password can facilitate the access by malicious people to very important information.

If there is no good formulation for passwords, the company’s security is automatically more limited. Even due to unintended employee failures, data loss can create serious problems.

Therefore, regardless of the factors that allow improper access to this data, it is necessary to formulate good and unique access passwords.

#7. Slow Internet

Many malware work by downloading various programs on users’ machines. For this reason, the internet may be slower and it may be difficult to perform tasks that require more agility from this service.

As a result, a slow connection may indicate that your sensitive data are not protected. An infected computer can attract several hackers who work with information theft, and this can affect your company’s credibility.

The security of sensitive data cannot be endangered

Nowadays, a company needs to keep investments in data protection. Having confidential information leaked can even mean the end of a business.

For this reason, if your company needs to improve the security of sensitive data, according to the signs we have listed, pay attention. Hackers are increasingly qualified, and protection needs to be at the best level. Investing in security is essential.

Do you want to learn more about how to improve the security of your company? Check out the post we made explaining a little better about the management of privileged accesses! Click here and understand it.

With the growth of cyberattacks, access credentials have become a strong attack vector. In 74% of cases of data breaches, companies confirm unauthorized access to a privileged account as its main cause.

In addition, The Verizon Data Breach Investigations Report (DBIR) has found that 29% of the total breaches in cyberattacks involved the use of stolen credentials, second only to phishing.

Once a credential is compromised, a malicious attacker is able to move sideways, infecting other devices and increasing the risk of data leaks, or even infection by ransomware. The reason behind this (and because administrator credentials remain an easy target for attackers) is the high level of access that these credentials provide.

Generally, PAM or Endpoint Privilege Management (EPM) solutions are not designed to deal with the risks associated with standing privilege.

The standing privilege is when administrator accounts with privileged access are always active (always-on). On average, in a large company, it is possible to find 480 users with administrator access on their workstations.

Thus, the concept of Zero Standing Privileges (ZSP) aims to eliminate standing privileges within organizations and mitigate cybersecurity risks.

What is Zero Standing Privileges (ZSP)?

Administrative privilege provides the means by which attackers need to take criminal action, be it data exfiltration, data destruction, or other crimes.

When an organization has identities with standing privileges (always-on), it must prioritize efforts to control access to such identities, monitor their use, and protect them from misuse.

However, for most of the day, these highly privileged identities remain idle, unused, but still pose risks.

Traditional PAM approaches have focused on managing and controlling access to privileged account passwords or temporarily elevating privileges to manage when users can work with administrative privileges.

For example, a server administrator employee can check the password of the day to access their privileged personal account each morning. Or they can simply use a solution   to have their privileges elevated on demand.

Nevertheless, the focus of each of these approaches is to ensure that the employee uses their privileges in an authorized manner, considering that they are a good employee and not an attacker looking for ways to compromise the organization.

In both cases, the privileges granted to their privileged personal account or in the sudo configuration are permanent and at risk of being abused by a motivated criminal.

Just Enough Privilege (JEP) and Just in Time (JIT)

What if we can eliminate these standing privileges and replace them with a policy-driven process to allow privileged access only when necessary and with scope only for the required tasks?

The answer to that is using the concepts of Just Enough Privilege (JEP) and Just in Time (JIT). In a just-in-time workflow, there are no standing privileges for employees – no sudo settings to manage, no privileged personal account to monitor.

Instead, potential employee privileges are detailed in a centralized policy. When an employee’s job requires privileged access, they start an activity that describes what they want to do and what resources they need to do it.

Behind the scenes, an activity identity is created or activated and only required privileges are granted to perform just the desired task.

The activity is then performed interactively by the employee (for example, a remote desktop protocol for a server – RDP) or by the system on their behalf (for example, rebooting a server).

Upon completion of the activity, privileges are revoked from the activity’s identity and it is destroyed or deactivated.

By adopting this workflow, the privilege attack surface is reduced to the window during which the employee is actively using the privilege, which decreases the risk that an attacker will steal credential passwords.

Unlike traditional PAM, where the focus is on protecting the means (for example, privileged accounts or settings) that provide privileges, the focus of the JEP and JIT workflow is on the user.

All an employee needs to know is that they are required to restart a specific server, and the system will take care of providing, protecting, and destroying the privilege when they are done.

The goal of Zero Standing Privileges (ZSP) can be achieved through just-in-time privilege access, improving operational sustainability for your privilege access program and dramatically reducing the privilege attack surface.

Benefits of Zero Standing Privileges (ZSP)

Standing privilege is defined as the fact that accounts have access with persistent privileges at all times to some set of systems. Zero Standing Privileges (ZSP) is just the opposite.

It is the purest form of just-in-time administrator access, ensuring that the principle of least privilege is applied by granting authorized users the privileged access they need for a minimum period and only the minimum rights they need.

This elimination of permanent privilege through Zero Standing Privilege is really an advantage for understanding the current privileged access and mitigating possible cybersecurity risks.

Final Thoughts

It is encouraging to see the market has started to recognize standing privilege as a key risk that needs to be addressed and that storing secrets and rotating local administrator passwords on critical servers is not enough.

Attackers are targeting workstations as the easiest way and using the administrator access available on those workstations to spread across corporate networks.

It is necessary to consider a position of Zero Standing Privilege in our environments. Stolen credentials will continue to be the easiest target for attackers and will continue to contribute to 80% of data breaches.

Gartner is a company recognized for providing impartial, high-quality consulting and research on the IT market, as well as providing valuable information and insights to the entire technology community.

Through its more than 15,000 employees, Gartner also contributes to determining the IT standards in place and the market trends that will become a reality in the future. Its reach is global, being located in more than 100 countries.

Also, they have become a benchmark in the industry for maintaining high ethical standards and conducting meticulous research, while remaining independent.

Are you interested in the subject? Find out below the relevance of Gartner’s work and the importance of its Magic Quadrant and Critical Capabilities for PAM report for the technology market.

Gartner Relevance

Gartner not only provides important research for the technology market but also tools to help CIOs and IT leaders navigate an ever-changing world. In addition, it promotes conferences to help bring together leaders to talk about strategic actions for making commercial and technical decisions.

Among the extensive research documentation that Gartner provides to the community, there is a chart comparing competitors in many IT industries. They call it the Magic Quadrant.

What is the Gartner Magic Quadrant?

The Gartner Magic Quadrant uses a uniform set of assessment criteria with results plotted in a graphical form showing the competitive positioning, facilitating the verification of how vendors of digital products and services are meeting requirements and working in relation to Gartner’s market vision.

The Magic Quadrant is the first step in understanding what these vendors and their associated technology do. This tool helps you understand visions, strategic roadmaps, and all their ability to operate according to your specific needs.

Moreover, the report is an excellent tool for:

• discovering the relative competitive positions of digital services and technology vendors that compete globally;
• reflecting on individual business goals, needs, and priorities;
• contextualizing the assessment through the perspectives of the industry, region, and company size.

To fully understand the results of the Magic Quadrant, one needs to understand the meaning of each category or quadrant of the graph:

• Challengers: These are companies with excellent ability to execute. However, they are not yet able to direct the market in one direction.
• Leaders: These are companies that, in addition to offering a comprehensive set of tools, also have a vision and guide the market with new products and features.
• Visionaries: These are innovators with a strong understanding of current and future market trends, but still do not have the ability leaders have to execute;
• Niche Players: Here are the vendors that perform well in specific tasks, but their solutions are still quite limited in other aspects and functionalities.

What are Gartner’s Critical Capabilities?

As an essential companion to the Gartner Magic Quadrant, this methodology provides an insight into the capabilities of the vendors’ products and services, adding value to the assessment offered by the Magic Quadrant.

This research is used to better investigate the classifications of products and services based on key resources defined for important and differentiating use cases.

Gartner’s Critical Capabilities document is a comparative analysis that scores competing products or services against a set of critical differentiators identified by Gartner.

It shows which products or services are best suited in various use cases to provide actionable advice on which products/services you should add to your vendor lists for further evaluation.

Gartner’s Critical Capabilities and Magic Quadrant together offer powerful information such as:

• Deeper insights into product and service offerings from different vendors.
• Understanding of which products and services are best suited for common usage scenarios.
• Assistance in strategic planning and development of different value propositions with a comparative analysis of the main software, technology, or service offerings.

How important are Gartner’s Critical Capabilities for PAM?

Privileged Access Management (PAM) tools help organizations provide secure privileged access to critical assets, as well as meet compliance requirements by managing and monitoring privileged accounts and access.

According to Gartner in its Magic Quadrant and Critical Capabilities reports, PAM tools offer features that enable security and technology leaders to:

• Discover privileged accounts on systems, devices, and applications for subsequent management.
• Automatically manage and protect passwords and other credentials for administrative, service, and application accounts.
• Control access to privileged accounts, including shared and emergency access accounts.
• Isolate, monitor, record, and audit privileged access sessions, commands, and actions.

To qualify for inclusion in the PAM quadrant, vendors must deliver a service that has the following characteristics:

• Tools to discover, map and report on any privileged accounts across multiple devices, applications, terminals, and systems.
• A reinforced, secure, and highly available vault to store secrets and credentials.
• User interfaces for reviewing privileged credentials.
• Tools to automatically rotate and manage credentials for service, administrative, device, system, and application accounts.
• Support for role-based administration, including centralized policy management.
• Privileged account reporting and analysis tools.

As mentioned, Gartner is an institution that indicates the best technologies in its consulting services, so the better a solution is placed in its reports, the greater the chances of it being recommended.

Because of this, companies constantly invest in the development of their solutions, significantly increasing the quality and growth speed of their market.

senhasegura in The Gartner Magic Quadrant

Senhasegura has participated in the last two Gartner Magic Quadrants in the field of PAM (Privileged Access Management) solutions.

In 2018, the senhasegura solution was in the Visionaries category, and in 2020, it was included in the Challengers category, receiving recognition for all the work done.

According to Gartner, senhasegura stands out in aspects such as:

• Very efficient RDP proxy function.
• Excellent performance for session management.
• Advanced account discovery and mapping features.

Also, it received recognition for its great progress in the area of DevOps and the analytical resources in its PAM solution.