I have been reading Ruchir Sharma’s The Rise and Fall of Nations recently where I came across two interestingly coined terms – ‘anchoring bias’ and ‘confirmation bias’. Anchoring bias is the tendency to believe good times will last forever. Confirmation bias is the tendency of collecting only the data that confirms one’s existing beliefs. The idea that the book tries to convey is from a global economy perspective where you should identify signs and be attentive to sniff the hidden and not-so-obvious signals. Why am I saying all this and what is the relevance to privileged access security you may think. Let me explain.
Anchoring Bias in the Privileged Access Security Context
Often, it so happens that in an enterprise setting, as soon as one implements a security solution, there is a tendency to believe that ‘we have implemented a solid security solution, we are compliant with our regulatory requirements, blocked ways for cyberattacks to take place and good times await us going forward’ – this ever so slightly tends to the anchoring bias concept. An extension to this would be thinking ‘we have covered all possible areas of cyberattacks with robust solutions so our attack surface has been reduced’. However, the reality is so long as an enterprise has critical assets, there will be attackers scheming their attack vectors. Cybersecurity, in general, is never about happily ever after, it is a continuous process. It is a well-known fact that cyber invaders are always on the lookout for new vulnerabilities to exploit and it is up to the security team to ensure that they don’t give in to the anchoring bias but instead strive to keep finding vulnerabilities and ways to protect those loopholes.
In a similar fashion, you have evaluated and implemented a privileged access security product for your infrastructure and critical assets. But does that end there? Are you monitoring and aware as to how the product has been implemented in line with your user requirements or future architectural requirements? Are you on top of all the capabilities of the product and which capability is of paramount priority for your user access? Are you assessing the adoption and usage of the product among all privileged users? Answers to these questions will guide you to an important decision for 2018 – the Re-evaluation of existing products.
Confirmation Bias in the Privileged Access Security Context
Let’s evaluate confirmation bias now in this context. How to ensure you are finding the right vulnerabilities and not missing out on any critical weak points? Are you likely to be the victim of confirmation bias? You are a security expert. You have analyzed historical patterns, identified and zeroed in on the different types of attacks and why those attacks happen and have even to an extent predicted the kind of attacks that are plausible. Yet, there is a 0.1% chance that you may have given in to confirmation bias by only collecting data enough to analyze historical patterns and your predictions and beliefs of why past attacks happened and why some are predicted to happen. Based on this, you have identified key privileged accounts and have done the needful to protect their access. But have you rightly identified all the critical devices in your infrastructure (both on premise and cloud) stack? Have you accurately mapped all the different types of privileged accounts associated with these devices?
You have considered all your internal privileged users. But what about external users such as third party vendors & remote users. It is the age of remote users, they are everywhere. Even internal users today can be considered remote users, courtesy trends such as BYOD & offshore outsourcing. It has therefore become imperative today to focus on securing remote privileged access. More often than not, for collaborative activities to be facilitated for remote users, additional privileged accounts are created – sometimes known, in most cases unknown and unaccounted for exposing security gaps for cyber attackers to leverage. This leaves you thinking that your privileged user security goal for 2018 should be a renewed collaboration based privileged access security.
Prioritize Privileged Access Security
To play my part of creating more awareness, it is recommended that you prioritize securing Remote aspects of every privileged User– a gateway that can bestow supreme levels of authority and power to cyber attackers causing enterprises significant business and reputational losses. The goal is to understand the in and out of your infrastructure including critical devices and critical users and analyze all possible vulnerabilities and weak points. Dare to think of the worst and as the popular belief goes ‘hope for the best, prepare for the worst’.
How we can help?
At Sectona, we have engineered an advanced Privileged Access Management (PAM) and have developed a unique cross-platform and collaborative PAM suite for enterprises and service providers of any size and scale. We are equipped to help you stay ahead of the curve from the PAM perspective with our renewed PAM approach. Check out our Spectra Privileged Access Management and SpectraMSP to learn more about our products.