sb-nz logo
Story image

85% of organisations struggling with access management – Thycotic

03 Apr 2019

Privileged access management (PAM) solutions provider Thycotic has announced the release of its 2019 State of PAM Maturity Report.

The report summarises the aggregate data from more than 450 organisations across the globe that participated in Thycotic’s Q4 2018 PAM Maturity Model assessment survey to-date.

According to survey results, while nearly four out of five organisations (78%) now include privileged credential protection as part of their cybersecurity policies, their PAM security practices are woefully lacking and even worse than you might expect.

Eighty-five percent of respondents are still struggling to get beyond the initial phase of PAM maturity.

Among those failing to reach even a basic level of maturity:

  • 55% of organisations have no idea how many privileged accounts they have or where they’re located.
  • More than 50% of organisations’ privileged accounts never expire or get deprovisioned.
  • Only 18% of organisations are storing all their privileged accounts in a secure privileged access management vault or password manager.

“The 2019 State of Privileged Access Management Maturity Report is a wakeup call for organisations worldwide to immediately assess their PAM practices with a goal of moving beyond dangerous habits to implementing a PAM Lifecycle Model, which is outlined in our report,” says Thycotic chief security scientist Joseph Carson. 

Thycotic introduced the free, online PAM Maturity Model assessment survey in Q4 2018 to help organisations determine progress along their journey to lower privileged account risk, increase business agility and improve operational efficiency.

The PAM Maturity assessment consisted of 11 questions that determined how far an organisation has progressed through the four phases of PAM maturity.

As the basis of understanding the results of the PAM Maturity report, the four phases of Thycotic’s PAM Maturity Model assessment consisted of the following:

Phase 1 – Analogue - Organisations in the Analogue phase face a high degree of risk.

Phase 2 – Basic - Organisations transition from Analog to the Basic stage of PAM maturity, by adopting PAM security solutions and automating time-consuming, manual processes. 

Phase 3 – Advanced - Organisations in the Advanced phase of PAM maturity have moved from reactive to a proactive privilege security strategy.

Phase 4 - Adaptive Intelligent - As the ultimate stage of PAM maturity, organisations in the Adaptive/Intelligent phase take continuous improvement to a higher level, integrating leading technologies such as machine learning to collect information and adapt system rules.

“Lack of visibility into how many unprotected privileged accounts exist in an organisation and where they are located is an enormous risk for organisations,” says Carson.

“Because privileged accounts such as local admin and service accounts exist everywhere in multiple places throughout an organisation, trying to manually discover and manage them is virtually impossible.

“The first step of any organisation should be automating privileged account discovery on a continuous basis so that you can see what you need to protect and what security controls should be in place.”

Story image
Guardicore Labs exposes brute force MS-SQL attack campaign
The cyber attack campaign uses password brute force to breach victim machines, deploys multiple backdoors and executes numerous malicious modules, such as multifunctional remote access tools (RATs) and cryptominers. More
Story image
Marriott International reports breach affecting 5.2 million customers
Marriott said in statement that an ‘unexpected’ amount of guest information may have been accessed in mid-January this year, using the login credentials of two employees at one of the company’s franchise properties.More
Story image
Houseparty denies security breach as users accuse app of hacking accounts
The popular face-to-face video hosting service has been accused of hacking users' other accounts, a claim Houseparty disputes.More
Story image
PMT Security launches body-temp scanning solution for enterprise, Seadan to distribute
"It was a no-brainer for us to choose our trusted partners Seadan. We engaged and took advice from them during the decision-making process to find the best UNV product to bring to market."More
Story image
Attivo Networks bolsters Google Cloud’s Managed Service for Microsoft Active Directory
“By detecting unsanctioned access to AD, security teams receive alerts early in the attack lifecycle, and the attacker is less likely to get the critical AD information they were seeking."More
Story image
New solution shines light on Dark Web credential trading
The Kaseya-owned Spanning Cloud Apps has released software that monitors the Dark Web for compromised Office 365 credentials.More