The Government Communications Headquarters (GCHQ) recently announced a new initiative aimed at advising business leaders in Britain on cyber security. The announcement focused on the credible threats to cyber security of an unprecedented scale, diversity and complexity – paying particular attention to privileged user accounts.
Nick Baglin, VP of sales, EMEA, at Privileged Identity Management (PIM) expert, Cyber-Ark, said of the announcement: "We've seen countless organisations suffer at the hands of cyber-attackers in the last eighteen months, whether they be Government bodies, huge consumer brands or even utility companies. Given the remarkable sophistication of some of the threats currently facing British businesses, it is encouraging to see GCHQ offer best practice advice to organisations at a board level.
"It is particularly noteworthy to see privileged access recognised as a key element to address in order to protect corporate networks and data. So many recent attacks have seen privileged accounts exploited to access and extract data, including the Stuxnet and Flame viruses. However, advising organisations to simply limit the number of privileged user accounts – as the initiative does – is somewhat unrealistic, especially for larger organisations, which may have tens of thousands or more of these accounts. Instead, businesses should focus on how to best protect and manage their privileged credentials – employing solutions that secure and monitor privileged access, while providing accurate reporting of all privileged activity for audit, compliance and forensic purposes.
"It is only by focusing on the security and management of privileged accounts that the evolving security threats faced by British businesses will be properly mitigated."