Page 109 - Cyber Defense eMagazine July 2024
Mitigating Insider Threats
Insider threats pose a significant risk to data security. The frequency and financial impact of insider-
related incidents keep increasing, with the annual cost averaging $15.38 million, according to the 2022 Cost
of Insider Threats Report by Ponemon Institute.
Accordingly, insider threat protection is a key element in cyber insurance risk assessments. PAM directly
reduces this aspect of an organization’s risk profile by enforcing strict access controls and providing close
surveillance of privileged accounts, thereby making the organization more favorable in the eyes of insurers.
Facilitating Regulatory Compliance and Alignment with Cybersecurity Frameworks
Cyber insurance providers frequently mandate proof of adherence to regulatory standards like GDPR,
HIPAA, and PCI DSS. These regulations demand rigorous management of access to sensitive
information — an area where PAM solutions excel.
Moreover, integrating PAM into security protocols helps organizations align with cybersecurity
frameworks like NIST CSF and COBIT. Insurers often view such alignment as a testament to an
organization’s commitment to cybersecurity because these frameworks provide best practices and key
benchmarks for mitigating risk.
PAM solutions are crucial in aligning with the NIST cybersecurity framework. Specifically, they help
organizations:
• Identify and protect critical assets: PAM solutions identify privileged accounts and provide
robust protections to secure them.
• Detect anomalous activity: Through continuous monitoring and logging of privileged account
activity, PAM aids in the early detection of potential security breaches.
• Respond promptly to incidents: PAM enables organizations to quickly restrict access to
compromised accounts.
Transport and logistics service provider H. Essers provides a real-life example of how PAM assists in
aligning with NIST. The company had achieved ISO 27001 certification, but they also needed to comply
with the NIST framework to meet cyber insurance requirements. Netwrix Privilege Secure, a
comprehensive PAM solution, enabled them to gain the strong control and monitoring they needed over
vendor and contractor access to company systems through capabilities like multifactor authentication
(MFA) for admin sessions and improved password management, which in turn enabled them to secure the
renewal of their cyber insurance. The solution also fulfilled their requirements for ease of use,
scalability, and agility to adapt to changing cyber insurance demands. Indeed, the solution enabled the
company to “avoid large-scale consultancy costs and shorten the setup process to a single day,
compared to the several weeks required by other products,” according to Ivar Indekeu, Senior Manager
of IT Operations for H. Essers.