Cyber risks are constantly increasing. However, the necessary investments in IT security often remain insufficient because many companies feel adequately protected. However, this is often a fallacy and associated with extremely high security risks, says security expert CyberArk.
Many companies are actively driving digitization forward. However, the topic of cyber security is neglected. This is confirmed by 73 percent of the IT decision-makers surveyed in Germany in a recent study by CyberArk.
Excuses instead of investments
Companies give different reasons for not investing in security. Common statements are:
- "We are already secured enough, for example by the perimeter protection."
- "What's supposed to happen? We are too small and therefore uninteresting for hackers.”
- "So far nothing has happened."
These assessments do not do justice to the current IT security situation. After all, security risks are increasing across the board. There are a variety of reasons for this, such as more sophisticated methods used by hackers or the increasing use of cloud services. The cloud is a good example of the fact that classic security measures aimed at the network perimeter are becoming less important. Identity has emerged as a new perimeter. This makes it the most important line of defense for companies. Therefore, companies should also pursue an identity-based security strategy that takes all users, systems, applications and processes into account. Important aspects are Zero Trust, Least Privilege and MFA.
Zero Trust, Least Privilege, MFA
Among other things, the Zero Trust principle provides for the review of all actors and processes that want to establish a connection to critical systems. Every identity that wants to access company resources is always verified with several factors - the more critical the access, the stronger the authentication.
Least privilege and just-in-time approaches avoid a permanent accumulation of rights and give users appropriate rights depending on the activity to be performed. This also significantly reduces the potential attack surface for hackers.
Multi-factor authentication (MFA) is one of the basic security controls in an era of increasing cyber attacks. A particular advantage is the use of an adaptive, context-based MFA, which on the one hand maintains productivity and on the other hand minimizes security risks.
About CyberArk CyberArk is the global leader in identity security. With Privileged Access Management as a core component, CyberArk provides comprehensive security for any identity - human or non-human - across business applications, distributed work environments, hybrid cloud workloads and DevOps lifecycles. The world's leading companies rely on CyberArk to secure their most critical data, infrastructure and applications. Around a third of the DAX 30 and 20 of the Euro Stoxx 50 companies use CyberArk's solutions.