AI and machine learning will continue to enable asset management improvements that also deliver exponential gains in IT security by providing greater endpoint resiliency in 2020. Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software, observes that "Keeping machines up to date is an IT management job, but it's a security outcome. Knowing what devices should be on my network is an IT management problem, but it has a security outcome. And knowing what's going on and what processes are running and what's consuming network bandwidth is an IT management problem, but it's a security outcome. I don't see these as distinct activities so much as seeing them as multiple facets of the same problem space, accelerating in 2020 as more enterprises choose greater resiliency to secure endpoints."
"Once you have that leadership buy-in then the security team needs to go ahead and make sure your policies are updated to reflect how privileged accounts should be managed," Peeples said. "Once the policies are in place then you are able to introduce the tool to the teams and show them how to use the tool. Teams can learn for example, 'Secret Server is a tool that you can use to be compliant with the current policies that are in place.'"
An insider threat is a security threat that arises from inside an organization which generally includes a current or former worker or partner who has the ability to obtain to sensitive information within the organization, and abuses this role. Today, most of the security actions serve for external threats and most of the companies are not unfailingly proficient in recognising an internal threat originating from within the organization. Learn 2019 insider threat statistics to see how you are prepared against these attacks. The report has been created by Cybersecurity Insiders, the 400,000-member community for information security professionals, to investigate how organizations are reacting to the evolving security threats in the cloud. This data reveals that insider threats remain as serious risks for organizations and they still need vital effort in designing and building effective insider threat programs, including user entity and behaviour analytics (UEBA).
Privileged accounts have access to the most valuable corporate information, which is why they are often targeted by attackers. As a result, organizations face the need to manage privileged access in a secure and effective manner. Many compliance regulations have strong security control recommendations for privileged user management. To meet these requirements and prevent devastating data breaches from happening, organizations implement various Privileged Access Management (PAM) practices in their security routine. But how to choose the right PAM solution and what features to look for?
Google is letting you sign up to accounts that are much less convenient to use, but far more secure. The company has announced the Advanced Protection Program, a new initiative designed to protect you from a number of online threats. They won't be for everyone, as they're not as easy to use as regular Google accounts, but for some people that's a price worth paying for increased security. Once you sign up to the Advanced Protection Program, you won't be able to access your Google account with just your email address and password. You'll also need to use a Security Key, a small, physical USB device you'll need to carry around with you.