The Privileged Insider Threat: A ticking Time Bomb in Your Organisation
You’re about to read a shocking exposé that will blow the lid off the darkest corner of your company’s security landscape. Loren Hollingworth, a cunning business development executive at iOCO Infrastructure Services, has been granted an exclusive peek into the underbelly of your organisation’s privileged access management (PAM) practices. What she’s uncovered will make your blood run cold.
The Privileged Few
Gartner defines PAM as a set of tools that grant or revoke access to sensitive systems, apps, and data. But who has access to these coveted assets? You might be surprised to learn that it’s the same insiders who have been entrusted with your company’s most valuable secrets. Think system and database administrators, developers, architects, application owners, and IT managers – the very people you think you can trust.
The Vendor Problem
But that’s not all. External vendors and outsourcing partners are also privy to your company’s critical systems and data. And with many IT administration contracts being offshored, controlling and monitoring privileged access has become a major concern. The stats are alarming: most cyber crimes are committed by insiders, and the Ponemon Sullivan Cost of Insider Risk Global Report (2023) reveals that 55% of incidents are caused by careless employees, resulting in a staggering average annual cost of $7.2 million.
The PAM Solution: A Necessary Evil
Every organisation needs a PAM solution to mitigate security risks, improve regulatory compliance, reduce operational complexity and costs, and enhance visibility and situational awareness. But don’t think it’s just about checking the right boxes – a PAM solution must be able to identify malicious activities linked to privilege abuse and prevent costly breaches.
The Cost of Carelessness
The 2023 report notes that incidents involving criminal or malicious insiders are less prevalent but more costly, with an average annual cost of $701 500. Credential theft incidents cost an average of $679 621 per incident. The research is clear: PAM plus user training and awareness programs are essential to reducing the cost of insider risk.
The Way Forward
Companies must scrutinise their IAM capabilities and evaluate if they need to be modernised. The chosen solution must deliver the ability to control, protect, and record privileged account use and access to critical assets and resources. In my next article, I’ll dive deeper into the challenges businesses face in implementing PAM, the role of the zero-trust model, and why a SaaS-based approach can be the most cost-effective route. Buckle up, because this journey is about to get real.
