Recently we came across this research from the World Economic Forum. We’ve reworked the data to show the risks in terms of both impact and probability, along with the trends:
We’ve faded down all the non-technical risks and shown the top right quadrant. To some this obviously shows that cyber-attacks should be the board’s primary concern; to us it shows that the risk is very high, very probable and set to get worse.
That single blob representing cyber-attacks is great for ‘board based fear factor’, but it doesn’t help the teams that have to deal with security (apart from easier budget justifications). Those teams need the detail: what are the attack vectors? Which attacks are succeeding, and how are they blocked?
SIEM solutions can generate a lot of noise, especially when left static. They may be optimised to alert on particular types of attack, but as these attacks change the real data can be lost in the noise. Of course this is just the progression of ‘log all the things’, ‘patch all your servers’ and ‘keep up to date’.
At Osirium we propose an additional strategy: ‘reduce your attack surface’. You’ll notice from the Kill chain diagram that all attacks have to go through the escalate privileges stage. 99.9% of attacks do so by gaining access to or control of Privileged Accounts. That’s where our PxM Platform helps. It separates people from passwords (Privileged User Management, PUM), and with its task scheme (Privileged Task Management, PTM) many people will never need access to a Privileged Account. Since the biggest attack vectors are the vulnerabilities of users’ workstations and the phishability of the users themselves, we’d say that our Platform solution is a major contribution to Cyber Safety.