A fresh new year brings fresh new possibilities – and in some cases, critical problems to solve. With respect to the latter, last month we asked you to share your top IT security priorities in 2024.
Let’s take a look at the responses to see what’s on your mind and agenda, starting with a spotlight on the three most popular priorities: automatic password rotation, privileged access management (PAM), and end user training.
#1: Automatic Password Rotation
The most popular security priority for 2024 is implementing automatic password rotation.
Clearly, this is a step in the right direction, since rotating passwords is significantly more secure vs. having the same password available for multiple logins. However, there are some potential concerns as well.
It could still be possible for hackers to steal passwords and access accounts before they are automatically rotated (reset). Once inside, they could create backdoors that allow re-entry, regardless of the new password.
A proven way to defend this threat vector is to use account brokering, which inserts credentials on the back end. Users never see passwords, yet they can still access the necessary accounts to complete their day-to-day tasks. And as an administrative bonus, SysAdmins don’t have to deal with an endless stream of tickets from panicked and frustrated users who are locked out of their accounts! Remote Desktop Manager, Devolutions Server, and Devolutions Hub all support account brokering. To learn how we can help you make this priority a reality in 2024, contact us at email@example.com.
The second most popular IT security priority in 2024 is to implement (or fully-implement) a PAM solution.
This is another big step in the right direction. As Gartner advises, PAM plays a core role in enabling zero trust and defense-in-depth strategies that go beyond basic compliance requirements. Plus, as we discussed recently, a growing number of cybersecurity insurance providers are requiring that companies have specific PAM controls in place as a pre-condition for getting coverage
The PAM module in Devolutions Server and (new) Devolutions Hub Business are built to help SMBs manage, monitor, govern, and secure privileged accounts. This is more important now than ever, since 74% of all data breaches start with privileged credential abuse. Get in touch with us to learn more and see how we can help!
#3: End User Training
Wrapping up the top three most popular IT security priorities for 2024 is providing end user training. End users have always been — and probably will always be — the weakest link in the IT security chain. Making them part of the solution is smart and necessary.
In addition, end user training can help identify and eliminate “Shadow IT.” This refers to the use of hardware, software, and/or cloud services without the knowledge and approval of the IT team. While some end users deliberately break the rules, many are not even aware that they are putting their accounts and devices — and by extension, their entire company and perhaps its customers as well — at risk. Gartner predicts that by 2027, 75% of employees will acquire, modify, or create technology outside IT’s visibility, up from 41% in 2022.
Here is a snapshot of the other important IT security priorities that were mentioned:
- Fully configure the EDR system for better automated response
- Increase security monitoring footprint to detect any new assets that are spun up
- Implement more 3rd-party service-ticket providers like ServiceNow
- Get our arms around vulnerability management
- Implement SIEM
- Browser sandboxing
- Implement or upgrade VPM
- Replace all firewalls to a new vendor
- Require the Dev Team to stop using default credentials
- Improve monitoring and alerting
- Explore cybersecurity-supported by AI
- Explore cloud strategy
- Explore vulnerability management
- Eliminate all of the various ways of remote connecting to customers and implement a centralized remote solution
- Close out all inherited IT tickets (our Support Team is rooting for you, Rick Hensley!)
The Winners (Part 1)
To start with, you’re ALL winners, because you’re taking IT security seriously and viewing it as a top concern — which is the only way to approach and understand what’s really going on.
Indeed, it has been wisely said that “if you cannot afford IT security, then you definitely cannot afford a breach.” The average cost of a cyberattack on SMBs now ranges from $120,000 to $1.24 million (USD) per incident. And for larger organizations, the price tag can climb into the hundreds of millions of dollars. The moral to this scary story? When it comes to IT security, being proactive is FAR smarter, simpler, and cheaper than being reactive.
The Winners (Part 2)
Now, let’s reveal the two lucky poll participants who were randomly selected to win a $25 Amazon gift card. Congratulations RealZombiegeek and FFournier! Please email me at firstname.lastname@example.org to claim your prize.
Thank you to everyone who participated in the January poll, and gave us plenty to discuss around here. And please stay tuned for the February poll, which will be available very soon.