As a wave of digital transformation continues, data and workloads sitting in the cloud increase simultaneously.
Even though many organizations have benefited from the efficiencies brought forth by the transformation, these changes have led to an increased attack surface for organizations.
With the increased in attack surface, customer and business partnerships are at higher risk of being irreparably damaged, including lost trust, due to a data or system breach.
In this paradigm, identity has become the new perimeter. However, many organizations are challenged with implementing an effective identity and privilege management strategy.
This is a pressing concern, as Forrester estimated that 80% of security breaches involve compromised privileged credentials.
So how can organizations guard against these threats effectively, while exceling in their digital transformation journey?
One of the widely executed strategies is to adopt the principle of least privilege: the concept and practice of restricting access rights for users, accounts, and computing processes to only those resources absolutely required and the time needed to perform legitimate functions.
Privilege itself refers to the authorization to bypass certain security restraints. When applied to people, the principle of least privilege (POLP), means enforcing the minimal level of user rights, or lowest clearance level, that allows the user to perform his/her role.
However, least privilege access also applies to processes, applications, systems, and devices (such as IoT), as they each should have only those permissions needed to perform an authorized activity.
“In the context of digital transformation, a swiftly expanding digital perimeter inevitably makes organizations more vulnerable to the cyberattack chain,” says Scott Hesford, director of solutions engineering for APJ at BeyondTrust.
“The attack process starts with a successful perimeter breach or insider misconduct, followed by the theft of ‘privileged’ user credentials through either poor privilege security management or exploitation of a vulnerability.”
With privileged user IDs and passwords in hand, an attacker can then move laterally throughout an organization, seeking its most valuable digital resources.
Enforcing least privilege is an instrumental best practice to reduce security risk and minimize business disruption resulting from errors or malicious intent.
It is also important that leaders are well versed on the risks associated with digital transformation, leading the effort in driving their organization’s cyber resiliency.
According to consultancy firm McKinsey, the focus and efforts of senior management is the single biggest driver of maturity in managing cybersecurity risks — more important than company size, sector, and resources provided.
Collaboration across the region
On a larger scale, cyber security associations are also coming together to ramp up the effort in building a secure and cyber resilient space that empowers digital transformations.
At the regional level, the South East Asia Cybersecurity Consortium (SEACC) is established to drive cybersecurity strategy and initiatives across Southeast Asia, building a safer cyberspace for a borderless digital economy.
“AiSP has signed a Memorandum of Understanding (MoU) with various associations from Indonesia, Cambodia, Brunei, Malaysia, Myanmar, Thailand and Vietnam at the inaugural South East Asia Cybersecurity Consortium (SEACC) Forum held on 23 November 2022,” says Johnny Kho, president of AiSP.
The establishment of the consortium marked a big step for regional growth and progression in the cybersecurity space.
“Through added partnership, the SEACC will work hand in hand towards building a safe and trusted cyberspace where our people and businesses trust and are confident to live, work and play in the SEA region,” adds Johnny.
AiSP will be signing a MoU with Women in Security Alliance Philippines (WISAP) on April 25, bringing the Consortium to the next level, fostering collaborations with 90% of the ASEAN countries.
“It is part of WiSAP’s mission to increase its presence by sharing what we have to benefit more practitioners and organizations who chose to defend our core assets that fuel the economy within our country and within the region,” says Mel Migrino, chairman and president of WiSAP.
“Through this partnership, we will be able take an active role in establishing standards and practices that can be adopted by countries within South-East Asia, and help narrow the gap on cybersecurity skills by taking in diversity not only on gender but on the capabilities and culture that are embodied in each of us.:
BeyondTrust is proud to support the MoU signing between AiSP and WiSAP at the Discovery Primea where you can also learn more on the importance of digital trust in your transformation journey.
