Forrester estimates that 80% of data security breaches are linked to privileged accounts. Since privileged accounts give people access to an organization’s most sensitive data, any compromise due to a lack of appropriate controls could lead to immense damage to the organization’s business and reputation. Recognizing the magnitude of this risk, Gartner too has pinned Privileged Access Management (PAM) as the most important security initiative that organizations should focus their energies on.
Given this fact, one would expect financial institutions especially to be at the forefront of implementing PAM, considering the highly sensitive nature of their data. Unfortunately, that is not the case. Despite a series of well-documented cyber breaches using compromised privileged accounts, most financial institutions have been lagging in implementing a PAM program to effectively mitigate such risks.
Recognizing the risks and the frequency with which such data security breaches are occurring, regulators have now stepped up the pressure on these organizations to implement PAM controls. Institutions need to be compliant with NIST, HIPAA, PCI DSS, SOX and FISMA regulations if they want to lower the cost of auditing and monitoring. These regulations expect that financial institutions will:
Any institution that does not have these controls and processes in place for privileged access accounts should consider itself high-risk and susceptible to data security breaches. But establishing a robust PAM program requires an experienced team, well-tested processes and a PAM product that would help address all the security and compliance requirements. A good PAM program would help to reduce risks, lower the cost of operations and improve compliance.
CISOs of such high-risk institutions should now proactively engage with experienced and certified PAM service providers to establish a comprehensive privileged access management program. These highly trained and experienced teams can help to: