Verizon Data Breach Investigation Report 2021: What You Need to Know About This Report

Human interaction with IT structures represents one of the main cyber threats faced by organizations of the most diverse sizes and industries. 

This is just one of the important pieces of information extracted from the Verizon Data Breach Investigation Report 2021, issued by telecommunications service provider Verizon.

The document reveals aspects of extreme relevance for organizations that wish to anticipate problems such as cyberattacks and data leaks, avoiding a series of inconveniences and losses.

In this article, we explain what exactly this report is and how you can use this data in your company’s favor. Check out our list of topics below:

  • Verizon Data Breach Investigation Report 2021: What Is This Report?
  • Data Extracted from the Verizon Data Breach Investigation Report 2021
  • Is Verizon Data Breach Investigation Report Reliable?
  • What Should Be Done in Practical Terms with the Information in the Report?
  • About senhasegura
  • Conclusion

Follow our text to the end!

Verizon Data Breach Investigation Report 2021: What Is This Report?

The Verizon Data Breach Report consists of an annual report, published by telecommunications service provider Verizon, on security incidents and data breaches that occurred in the previous year.

In this report, information is shared about the different types of attacks and vulnerabilities, also indicating the main changes that have occurred in the world when it comes to cybersecurity. 

For the 2021 edition, prepared with the collaboration of 83 companies, 29,207 real security incidents were analyzed, which – according to Verizon – would have compromised the integrity, confidentiality, or availability of information assets. 

Of this total, 5,258 violations were confirmed, which resulted in the unauthorized propagation of data. 

In the next topic, we cover some important information extracted from the Verizon Data Breach Investigation Report 2021. Continue reading and check it out. 

Data Extracted from the Verizon Data Breach Investigation Report 2021

The following are the main data collected by the Verizon Data Breach Report for its 2021 edition:

  • 61% of Cyberattacks Surveyed Involved Privileged Credentials

Privileged credentials are among the main attack vectors used by malicious agents and, according to the Verizon Data Breach Report, they were involved in 61% of cyberattacks performed in 2021.

Therefore, organizations must adopt protective measures, raising awareness and training their employees so they can avoid risks, and adopting solutions such as PAM, which makes it possible to reduce insider and external threats.

  • Privilege Abuse Was the Cause of 70% of Attacks Involving Misuse of Credentials

Many organizations fail to apply the principle of least privilege, which grants each human user or machine only the required access to perform their activities. 

As a result, they face internal risks, such as the privileges granted to active or dismissed employees.

The abuse of these privileges, granted in excess or not revoked, has caused 70% of attacks related to the misuse of credentials, according to the Verizon Data Breach Report.

  • Phishing Is the Main Tactic Used by Malicious Attackers

Phishing is a cyberattack in which the hacker uses the identity of a legitimate institution, gaining the trust of its victims to steal sensitive data, such as banking information.

Very common, this type of crime is the main approach applied by malicious attackers, according to Verizon Data Breach Report. For this reason, organizations must train their employees to avoid this threat.

For that, it is possible to perform exercises that simulate phishing campaigns, preparing users to detect it. 

 

  • 30% of Attacks Involved Social Engineering

The Verizon Data Breach Report reveals that another factor posing a major risk to the cybersecurity of organizations is the behavior of unsuspecting or poorly trained users, who may become victims of social engineering attacks.

This technique is widely used by malicious attackers to persuade their victims to send sensitive data or perform actions that facilitate the attack.

Information collected by the Verizon Data Breach Report points out that 1,761 social engineering attacks carried out in 2021 resulted in the disclosure of data, which often led to the loss of credentials, usually used in hacking and malware attacks.

Another relevant finding is that most of these attacks were detected externally, showing that IT and security teams, system administrators, and employees of organizations would not be aware of these crimes.

 

  • Attacks Involving Cloud Are Increasing

The use of cloud-based solutions grew exponentially with the Covid-19 pandemic, which imposed social distancing, making room for remote work.

In addition, companies were able to know all the advantages related to these services, which include more speed and scalability.

However, despite its numerous benefits, the adoption of cloud computing challenges those who are concerned with ensuring digital security.

This is because many human users and machines use privileged credentials to access cloud resources, increasing the attack surface and risks.

In the Verizon Data Breach Report, it is possible to verify that, among the attacked assets, those from the external cloud were more common than the local ones. This information reinforces that hackers can take advantage of the lack of visibility inherent in cloud environments.

  • The Human Aspect Was Involved in 85% of the Attacks

Often, unintended incidents, such as the incorrect configuration of database assets, directly compromise an organization’s cybersecurity, as evidenced by the Verizon Data Breach Report.

In this latest version of the report, Verizon has detected and assessed 919 incidents, 896 with confirmed data propagation. Among the compromised information, 79% were personal data, 17% were from physicians, 13% related to banks, and 13% to credentials.

Moreover, it was noticed that 50% of violations generated by human errors are caused by administrators and 30% by developers, with incorrect configurations representing 50% of these errors and incorrect deliveries representing 30%. 

Also, according to Verizon, data stores were observed being placed on the internet without controls and located by security researchers.

Is Verizon Data Breach Investigation Report Reliable?

The Verizon Data Breach Report is a widely known and respected annual report, being one of the best in the world when it comes to violations and incidents globally. 

It consists of a totally impartial initiative, since it does not promote any product or service. In addition, data are collected from institutions around the world, which makes it truly global. 

This data is used to understand and share which vulnerabilities generate violations and incidents, considering the technical and human risks.

Verizon works with transparency both with regard to its sources and the data analysis process. 

What Should Be Done in Practical Terms with the Information in the Report?

Now that you have checked the key information raised by the Verizon Data Breach Report, you may be wondering what to do with this data in practice. 

First, it is essential to analyze human risk factors and prioritize the key threats faced in this regard by your company, managing these risks more effectively. 

It is also extremely important to use the Verizon Data Breach Report as a support instrument, showing the organization’s leaders the relevance of human risk and why it is recommended to invest in awareness and training of employees who interact with the IT environment.

Check out the main points to be considered below:

  • Awareness first: In this latest report, Verizon ranked the top risk factors for eleven different industries, recommending the Center for Internet Security’s top three controls to manage the risks of each of them. The only common control for all areas was Security Awareness and Training.
  • People are a major risk factor: 85% of the violations raised by the report are related to human interaction. Therefore, it is not enough for companies to adopt a technology-only strategy to eliminate risks and ensure cybersecurity. After all, the intention is not to protect the assets themselves, but the organization as a whole, which includes its employees. 
  • Human errors generate many disruptions: many companies focus their security strategies on explicit threats such as the actions of malicious attackers. However, 20% of violations are caused by a human error committed by people trying to work the right way. 

Among these errors, the incorrect configuration of cloud accounts stands out, which results in the sharing of the organization’s data with the wrong people. Therefore, it is highly recommended to have a solution that solves this type of failure and a professional responsible for it. 

  • The two main types of attacks are associated with phishing and passwords: so, if you do not know where to start training your employees to get better human risk management, start with these elements, which should be an essential part of an awareness plan.

About senhasegura

We, from senhasegura, are part of the group of information security companies MT4 Tecnologia, founded in 2001, and we aim to provide digital sovereignty to our customers through the control of privileged actions and data.

With this, we prevent data leaks and theft, as we manage privileged permissions before, during, and after access through machine automation. We work to:

  • Optimize the performance of companies, avoiding interruption of operations; 
  • Perform automatic audits on the use of permissions;
  • Audit privileged changes to detect abuse of privilege automatically;
  • Provide advanced solutions with the PAM Security Platform;
  • Reduce cyber threats; and
  • Bring the organizations that hire us into compliance with audit requirements and standards such as PCI DSS, Sarbanes-Oxley, ISO 27001, and HIPAA.

Conclusion

In this article, you saw that:

  • The Verizon Data Breach Report is an annual report on security incidents and data breaches that occurred in the previous year;
  • According to this report, the threats generated by human actions and errors stand out among the main risks faced by companies, in addition to the increase in attacks involving cloud solutions and attacks associated with privileged credentials;
  • The Verizon Data Breach Report is extremely reliable and recognized, also characterized by its transparency and impartiality;
  • It points out the need to invest in awareness and training of all professionals in a company and can be shared with leaders to seek support in this regard.

We hope this article has clarified your key questions about Verizon Data Breach Report and can be shared with more people.

 

Building Digital Manufacturing Through PAM

With the evolution of technology, manufacturing sectors are increasingly digitalized through solutions that optimize the processes carried out in these environments, reducing costs, eliminating human failures, and generating more productivity. 

Among the technologies that integrate digital manufacturing, we highlight artificial intelligence, the internet of things, 5G, and cloud computing, which brought more dynamics to industrial operations, replacing human labor and changing the interaction with physical spaces.

However, the context of digital manufacturing presents several cybersecurity challenges that can be addressed by a PAM Security Platform and its advanced solutions, as explained in this text.

To facilitate your reading, we divided our text into topics. They are:

  • Digital Manufacturing: What Is It and Its Importance?
  • Technologies Present In Digital Manufacturing
  • Cybersecurity Challenges Faced by Digital Manufacturing
  • What Is the senhasegura PAM Security Platform and How Does It Support the Cybersecurity of Digital Manufacturing?
  • Brief History of the Industry
  • About senhasegura
  • Conclusion

Enjoy the read!

 

Digital Manufacturing: What Is It and Its Importance?

Digital manufacturing is a concept that refers to the possibility of using digital technology to optimize industrial processes. This is possible through innovative approaches such as cloud computing, artificial intelligence, 5G, Internet of Things, and advanced robotics, among others.

Applying digital technology in manufacturing enables efficiency and productivity gains, reduction of human failures, reduction of costs, and fewer setbacks when developing a product.

Investing in solutions associated with digital manufacturing also results in more security for employees and allows measuring the life cycle of operational equipment, in addition to offering a better view of inventory levels and schedules.

Another major advantage is the possibility of directing repetitive efforts to machines so that human labor can focus on more strategic services, which require creativity and analytical capacity.

Technologies Present In Digital Manufacturing

Here are some examples of technologies used in digital manufacturing:

Artificial Intelligence

Artificial intelligence refers to the union between various technologies, such as learning systems and algorithms, which allow us to simulate human capacity for reasoning and decision-making.

In practice, we are talking about machines that perform actions considered intelligent and learn through the large volume of data they are able to analyze.

Cloud Computing

Cloud computing is a technology that allows one to store, share and access files on remote devices without the need to make large investments in infrastructure and support teams.

In addition to cost-saving, this solution gives companies the flexibility to deal with fluctuations in production, seasonal services, and scalability, so they can grow without investing in hiring professionals.

Big Data

It allows dealing with large volumes of data, varied and complex, that arrive at a high speed, making it impossible for traditional software to manage them. To do this, techniques and machines are used to gather important data for the organization, which cannot be obtained through human action.

Internet of Things

Internet of Things (IoT) is associated with the connection of different equipment used in our daily lives with the internet through Wi-Fi, Bluetooth, or mobile data. 

As an example of items based on IoT, we can highlight smart TVs and refrigerators, in addition to numerous items present within companies, agriculture, manufacturers, etc. 

Advanced Robotics

Advanced robotics is used to replace human labor in repetitive activities that require a high level of precision. 

In this sense, robots consist of sophisticated and efficient machines that systematize and evaluate data and promote the integration of production lines.

Digital Manufacturing

It allows one to create manufacturing processes and products at the same time, through a system that integrates collaboration, analysis, simulation, and 3D visualization tools.

Additive Manufacturing

Also known as 3D printing, additive manufacturing refers to digital manufacturing by addition. It is a technology that allows the use of digital models to create physical objects, even when their shapes would be too complex to produce without this technology.

System Integration

System integration is the connection between different systems that enables various sectors of an organization to act in a coordinated and automated manner.

In practice, this concept works by bringing together different software, thus ensuring the availability and updating of data in all systems.

Simulation Systems

This technology is used to plan a new system, replacing experiments on a real system with digital models that describe the interaction between different variables.

Digitalization

Use of digital resources that impact production processes and business models, providing cost reduction, better use of time, and productivity gain.

Cybersecurity Challenges Faced by Digital Manufacturing

When it comes to cybersecurity, digital manufacturing faces several challenges, among which we can highlight:

  • Industrial systems performing critical tasks, which may cause the interruption of operations;
  • Industrial devices present on a large scale and always on;
  • Many of these devices are not updated by their manufacturers, which increases the chance of zero-day vulnerabilities;
  • Several operating systems do not have Security by design. Some do not even have access control for administrators in their administrative interfaces;
  • Numerous operating systems are maintained by third parties, which makes it impossible to verify security practices;
  • Digital manufacturing provides malicious actors with a greater attack surface;
  • Lack of market perception on how to protect industrial technologies;
  • Many companies fail to invest in awareness and adequate training in cybersecurity;
  • Presence of different vendors with many communication systems and protocols;
  • Remote accesses that allow third-party vendors to access devices remotely, often using shared credentials; 
  • The rapid introduction of IIoT, allowing the introduction of new attack vectors, etc.

What Is the senhasegura PAM Security Platform and How Does It Support the Cybersecurity of Digital Manufacturing?

As they adhere to solutions related to digital manufacturing, companies realize the need to optimize operational technology security management in order to reduce the risks of adopting these concepts in their operations.

In this sense, some guidelines and frameworks are used to protect industrial environments from malicious agents, such as the NIST cybersecurity framework, CIS security controls, and the ISA 62443 standard set.

According to the Center for Internet Security, 18 critical security controls must be established by organizations in their environments to ensure information security. They are: 

  • Inventory and Control of Organizational Assets
  • Inventory and Control of Software Assets
  • Data Protection
  • Secure Configuration of Organizational Software and Assets
  • Account Management
  • Access Control Management
  • Continuous Vulnerability Management
  • Management of Audit Logs
  • Email and Web Browser Protections
  • Malware Defenses
  • Data Recovery
  • Network Infrastructure Management
  • Network Monitoring and Defense
  • Security Awareness and Skills Training 
  • Service Provider Management
  • Application Software Security
  • Incident Response Management
  • Penetration Testing

ISA 62443 includes four types of standards:

  • General: refers to concepts, terms, metrics, and uses related to IACS;
  • Policies and procedures: address IACS criteria, implementation, and protection;
  • System: refers to technologies focused on IACS, risk analysis, security, and criteria for systems; and
  • Component: encompasses the life cycle and technical security of IACS components.

Companies that need to implement CIS Security Control and comply with ISA 62443 must invest in a PAM Security Platform.

This solution allows one to store, manage and monitor privileged access to systems and devices used in the context of digital manufacturing, allowing complete control over access to critical data.

Among the security controls associated with the PAM Security Platform, we can highlight:

  • Hardware Asset Inventory

A PAM Security Platform enables the visibility of an industrial park, allowing it to detect the automatic inclusion of devices connected to this environment, as well as their credentials.

  • Permission Control

Another capability of a PAM Security Platform is the control of the use of high privilege and impersonal credentials.

  • Record of Maintenance Sessions and Privileged Accounts

A PAM Security Platform makes it possible to record the maintenance sessions of a manufacturer’s systems and maintain audit logs in privileged account sessions through video recording.

  • Controlled Physical Access and Remote Access

Through the PAM Security Platform access groups, it is possible to establish who can view the password to access an industrial system through physical or remote access.

  • Account Tracking

A PAM Security Platform makes it possible to track activities performed by all credentials, including third-party and impersonal, in real-time. 

  • Incident Response 

The capabilities of a PAM Security Platform make it possible to reduce the time required to resolve security incidents, including those related to digital manufacturing solutions. 

Brief History of the Industry

Before the First Industrial Revolution, the manufacture of products took place through handicrafts and manufacturing. Later, in the late eighteenth and early nineteenth centuries, industrialization began with the use of human labor combined with steam-powered machines.

The first sector to be impacted by this mode of production was the textile one, followed by metallurgists and other factories that employed many people. In this period, the manufacturing process was still rudimentary and exports were precarious.

The Second Industrial Revolution is marked by more advanced technologies and manufacturing techniques and the emergence of multinationals and transnationals.

The Third Revolution, in turn, was characterized by the development of chemical, automotive, and consumer goods industries, in addition to being associated with a period of greater prosperity.

Then, it was the turn of the Fourth Industrial Revolution, known as Industry 4.0 (or digital manufacturing), to revolutionize the sector, with the arrival of the internet in the late 1990s and early 2000s.

This allowed the use of concepts such as the Internet of Things, which makes it possible to replace human labor with automated processes, generating more efficiency and reducing costs.

Today, we are already talking about the Fifth Industrial Revolution, which should also impact the relationship between humans and machines, requiring adaptation to increasingly advanced technologies and increasing profit margin and customer satisfaction through strategic processes. 

About senhasegura

We, from senhasegura, are part of the group of information security companies MT4 Tecnologia, founded in 2001 and present in more than 50 countries today.

Our main goal is to guarantee digital sovereignty and cybersecurity to our contractors, providing them with control of privileged actions and data, and avoiding leaks and theft of information. 

In this sense, we monitor the management of privileged access, before, during, and after access, using machine automation. In this way, we can:

  • Increase the performance of companies, avoiding the interruption of operations; 
  • Perform automatic audits on the use of permissions;
  • Audit privileged changes to detect abuse of privilege automatically;
  • Provide advanced solutions with the PAM Security Platform;
  • Reduce cyber risks; and
  • Bring the organizations that hire us into compliance with audit requirements and standards such as PCI DSS, Sarbanes-Oxley, ISO 27001, and HIPAA.

Conclusion

By reading this article, you saw that:

  • Digital manufacturing consists of the use of digital technologies to optimize industrial processes;
  • This concept provides efficiency and productivity to industries and allows one to reduce human failures and have fewer unforeseen events in the development of a product;
  • Digital manufacturing also ensures more security for professionals, allows one to monitor the life cycle of the equipment more accurately and view inventory levels and schedules;
  • Another advantage of digital manufacturing is the possibility of directing repetitive activities to machines so that human labor can focus on strategic tasks;
  • Some technologies present in the digital manufacturing can be highlighted: artificial intelligence, cloud computing, big data, internet of things, advanced robotics, digital manufacturing, additive manufacturing, system integration, simulation, and digitalization systems;
  • The challenges of digital manufacturing include the execution of critical tasks by industrial systems, the maintenance of industrial systems by third parties, which makes it impossible to verify security practices, and a greater attack surface;
  • The senhasegura PAM Security Platform supports the cybersecurity of digital manufacturing through hardware asset inventory, permissions control, recording of maintenance sessions and privileged accounts, controlled physical access and remote access, account tracking, and incident response.
  • Finally, you have seen some characteristics of industrial revolutions that have changed the relationship between people, machines, and work. 

Was our article on PAM Security Platform helpful to you? Then share it with someone who might benefit from this content.

Just-In-Time Privileged Access: Understand this Subject

In this article, we present the concept of just-in-time privileged access, its benefits, and mode of operation, among other extremely important information on the subject. To facilitate your reading, we divided our text into topics. They are:

  • What Is Just-In-Time Privileged Access?
  • Why Is Just-In-Time Privileged Access Important for Businesses?
  • How Does It Work?
  • Types of Just-In-Time Access
  • About the Implementation
  • Just-In-Time Privileged Access and PAM: What Is the Relationship?
  • Just-In-Time Inspiration
  • About senhasegura
  • Conclusion

Enjoy the reading!

What Is Just-In-Time Privileged Access?

Just-in-time (JIT) privileged access is a method that allows organizations to reduce the attack surface, providing system and application users with only the necessary permissions to perform their tasks.

This is an extremely effective solution, since more than 80% of the vulnerabilities reported by Microsoft in recent years could have been mitigated by removing administrator permissions from users, and more than 80% of all vulnerabilities published by Microsoft would have been eliminated by removing local administrator permissions.

However, many companies neglect the necessary measures to prevent attacks and data leaks and do not follow the least privilege policy, which plays an essential role when it comes to cybersecurity.

One of the main risks, in this sense, is associated with permanent privileges, which occur when a privileged user account remains with privileged access active for 100% of the time.

In other words, these permissions remain 24 hours ready to be used, either for legitimate activities or illicit purposes.

To solve this problem, it is recommended to adopt just-in-time privileged access, which grants users limited privileges only when necessary and for the shortest time necessary.

With this, one can reduce the active privilege status of an account from many hours to a few minutes and, consequently, the risks related to this privileged access.

Why Is Just-In-Time Privileged Access Important for Businesses?

Just-in-time privileged access is essential to ensure the cybersecurity of organizations, as it makes it possible to reduce the risks associated with privilege abuse and the increase of the attack surface. 

Moreover, it helps to optimize the administrator’s experience and makes it possible to maintain the workflow without interrupting it for review cycles, which usually require a lot of waiting time.

What’s more: by reducing the number of users and privileged sessions, just-in-time privileged access improves compliance with security standards and simplifies the audit of activities carried out in the IT environment.

How Does It Work?

First of all, the user must make an access request in order to perform a privileged or simple action, if this type of privilege is provided by the implemented model. 

At this point, it will be necessary to justify the requested access and define how long they need this access, a definition that can also be established by the administrator. Then they need to wait for access approval.

With this approval, the user will receive their credentials with an expiration date and will be informed about the actions they can take during this period.

After the access time, the administrator will be able to block or delete the credentials, and if the action has not been completed, the user will have to make another request to proceed. 

It is important to note that blocking or deleting the credential does not remove the need to keep access logs to ensure control and security of operations. Note also that even if the user remembers the credential, it will no longer grant access, because its term has expired.
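The request, approval, expiry and logging steps described above, as an added example that is not senhasegura's code. The `JitBroker` class, the 30-minute ceiling, the self-approval check and all user and host names are assumptions made for the illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_GRANT = timedelta(minutes=30)  # assumption: ceiling set by the administrator


@dataclass
class Request:
    user: str
    target: str
    justification: str
    duration: timedelta
    state: str = "pending"


@dataclass
class Grant:
    user: str
    target: str
    expires_at: datetime


def _digest(token):
    # Only a hash of the credential is stored by the broker.
    return hashlib.sha256(token.encode()).hexdigest()


class JitBroker:
    def __init__(self):
        self.requests = {}   # request id -> Request
        self.grants = {}     # sha256(token) -> Grant
        self.audit = []      # append-only log, kept after credentials are deleted

    def _log(self, now, event, **fields):
        self.audit.append({"ts": now.isoformat(), "event": event, **fields})

    def request_access(self, now, user, target, justification, duration):
        if not justification.strip() or duration <= timedelta(0):
            self._log(now, "request_rejected", user=user, target=target)
            raise ValueError("justification and a positive duration are required")
        rid = len(self.requests) + 1
        # The requester proposes a duration; the administrator's ceiling wins.
        self.requests[rid] = Request(user, target, justification,
                                     min(duration, MAX_GRANT))
        self._log(now, "requested", request=rid, user=user, target=target,
                  justification=justification)
        return rid

    def approve(self, now, rid, approver):
        req = self.requests[rid]
        if req.state != "pending" or approver == req.user:
            self._log(now, "approval_refused", request=rid, approver=approver)
            raise PermissionError("request not pending, or self-approval attempted")
        req.state = "approved"
        token = secrets.token_urlsafe(32)
        expires = now + req.duration
        self.grants[_digest(token)] = Grant(req.user, req.target, expires)
        self._log(now, "approved", request=rid, approver=approver,
                  expires_at=expires.isoformat())
        return token

    def check(self, now, token, target):
        key = _digest(token)
        grant = self.grants.get(key)
        if grant is None:
            self._log(now, "denied", target=target,
                      reason="unknown or deleted credential")
            return False
        if now >= grant.expires_at:
            del self.grants[key]  # delete on expiry; the audit entries remain
            self._log(now, "expired", user=grant.user, target=grant.target)
            return False
        allowed = grant.target == target
        self._log(now, "used" if allowed else "denied", user=grant.user, target=target)
        return allowed


def demo():
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed timeline
    broker = JitBroker()
    rid = broker.request_access(t0, "alice", "db-prod-01",
                                "apply index fix (constructed ticket)",
                                timedelta(hours=4))
    token = broker.approve(t0 + timedelta(minutes=2), rid, approver="bob")
    return {
        "granted_minutes": broker.requests[rid].duration // timedelta(minutes=1),
        "in_window": broker.check(t0 + timedelta(minutes=10), token, "db-prod-01"),
        "other_target": broker.check(t0 + timedelta(minutes=11), token, "hr-db-02"),
        "after_expiry": broker.check(t0 + timedelta(minutes=33), token, "db-prod-01"),
        "remembered_token": broker.check(t0 + timedelta(minutes=40), token, "db-prod-01"),
        "live_grants": len(broker.grants),
        "events": [e["event"] for e in broker.audit],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The four-hour request is cut to the ceiling, the credential works only for the approved target, and every decision stays in the audit list after the grant itself has been deleted.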

Types of Just-In-Time Access

There are three types of just-in-time access. They are:

  • Broker and Access Removal Approach

This type of just-in-time access makes it possible to create guidelines to require users to justify their need for privileged access and specify how long this access will be necessary.

In general, the credentials of these accounts are kept in a central vault and users use a privileged and permanent shared account. 

 

  • Ephemeral Accounts

In this type of permission, accounts are temporary, created to be used only once based on the principle of zero privilege. 

This means that when the action is completed, access is removed. For this reason, these accounts are described as unique. 

 

  • Temporary Elevation

In this case, you can temporarily elevate privileges so that users can access privileged accounts or execute privileged commands for a limited time. When this deadline expires, access is removed. 

About the Implementation

To ensure the implementation of just-in-time access in your company, you should follow some steps, such as:

  • Maintaining a privileged and permanent shared account, managing credentials centrally, so that they are rotated regularly;
  • Creating guidelines that ensure human users and machines offer explanations for connecting to target systems and applications for a limited time;
  • Recording and auditing privileged actions in ephemeral accounts and receiving alerts about unexpected behaviors;
  • Using the temporary elevation of privileges, ensuring that users can access privileged accounts or execute privileged commands for specific actions.

Just-in-time access, used to ensure the least privilege policy, is essential for Zero Trust. This model ensures organizations check who or what is trying to connect to the IT structure before allowing access, ensuring the security of sensitive data. 

Just-In-Time Privileged Access and PAM: What Is the Relationship?

Ensuring just-in-time privileged access increases the workload of system administrators because of the large number of access revocations and credential blocks involved, which can lead to frequent errors. 

Therefore, an efficient way to apply this solution in your company is by automating this process through PAM (Privileged Access Management), which allows you to control privileged access to critical information.

PAM is an important tool that limits privileged access by reducing the attack surface and providing more cybersecurity for organizations of all sizes and industries. 

With it, one can adopt just-in-time privileged access, control access requests, and audit the actions taken. In practice, this tool allows establishing the level of privilege of each credential, providing users only the access they need to perform their tasks. 

We can also highlight some of the benefits of adhering to this solution:

  • Delivery of ephemeral credentials securely;
  • Revocation of these credentials after the defined deadline; and
  • Creation of accesses and provisioning of automated privileges. 

By using a PAM solution, your company can reduce the number of credentials, create provisioning for a given period, and record the access logs and recordings of the sessions performed using credentials.

Just-In-Time Inspiration

Just-in-time is based on a management philosophy applied in Toyota factories until the 1970s. This methodology was introduced by Taiichi Ohno in order to meet customer needs while minimizing waste.

In this sense, just-in-time manufacturing presents the following proposals:

  • Continuous improvement;
  • Elimination of waste;
  • Kanbans, which interrupt processes that are not working;
  • Jidoka, which provides autonomy for machines to perform tasks, making employees more productive; and
  • Leveled production, which optimizes the flow of products through the industry.

Implementing this business practice requires teams to focus on the process, eliminating unnecessary actions and seeking to solve a specific problem in the best possible way. 

More recently, information security was inspired by this model to create just-in-time privileged access, aimed at eliminating unnecessary access. 

This form of protecting data and critical resources makes it possible to provide access for a specific purpose for a given time, elevating privileges only in the contexts in which they are needed. 

However, for this model to be secure and easy to use, it is essential to provide an audit trail of the actions performed. 

About senhasegura

When it comes to information security, we from senhasegura are a reference. After all, we efficiently perform the job of ensuring the digital sovereignty over privileged actions and data of the organizations that hire us in more than 50 countries. 

In this way, we avoid data theft and track the actions of administrators on networks, servers, databases, and devices in general. 

We also provide compliance with audit requirements and the highest standards such as PCI DSS, Sarbanes-Oxley, ISO 27001, and HIPAA.

senhasegura offers Privileged Access Management (PAM) as one of its main solutions, which provides control over the access of sensitive data to corporations.

The great efficiency of senhasegura PAM is justified by the possibility of combining security strategies and technologies that offer the user only the indispensable access to perform their functions within a certain period.

Through senhasegura PAM, one can reduce the most diverse cybersecurity risks within an organization, as this tool reduces insider and external threats. 

Using this tool, you can rest assured your company will be protected from intentional or accidental damage, interruption of operations, loss of credibility, and incalculable losses. 

 

Conclusion

In this text, you saw that:

  • With just-in-time privileged access, users are able to obtain limited privileges, when they are necessary and for the shortest time possible;
  • This makes it possible to reduce the risks associated with privilege abuse and the increase of the attack surface;
  • It also allows for improving the administrator experience and maintaining the workflow, without interrupting it for review cycles;
  • To request just-in-time privileged access, the user must justify it and specify how long they need this access;
  • After the access time, the administrator may block or delete the credentials used;
  • There are three types of just-in-time access: the broker and access removal approach, ephemeral accounts, and temporary elevation;
  • Just-in-time access, used to ensure the least privilege policy, is essential for Zero Trust. To implement it, it is important to follow some steps, shared in this text;
  • An efficient way to apply this solution in a company is by automating the process through PAM;
  • Just-in-time privileged access is inspired by a management philosophy applied in Toyota factories until the 1970s.

Was this article on just-in-time privileged access useful to you? Then share it with someone else interested in the subject. 


What Can I Do to Decrease Cyber Insurance Amounts?

When it comes to information security, the risks to organizations are increasing by several factors.

As an example, we can mention the increase in the number of cyberattacks, especially after the Covid-19 pandemic, which accelerated the mass adoption of remote work, generating vulnerabilities to IT structures.

Moreover, the action of malicious actors impacts companies of all sizes and industries, whether stealing confidential data and damaging their credibility or causing the interruption of their operations.

To protect themselves from the damage caused by cybercrime, institutions have started to purchase cyber insurance. However, in order to reduce the costs of this solution and ensure the risk is accepted by insurers, it is essential to take some measures listed below. 

5 Tips for Reducing the Amount of Cyber Insurance 

Here’s what you should do to be able to purchase cyber insurance and reduce its costs:

1. Develop and Implement Cybersecurity Policies

Among the actions that impact cyber insurance costs, we can highlight the adoption of security standards, including the implementation of the Principle of Least Privilege.

This measure ensures each user in an organization receives only the necessary permissions to perform their functions, which reduces the attack surface. 

2. Create and Test Incident Response and Disaster Recovery Plans

Creating incident response and disaster recovery plans is also indispensable for those who want to reduce cyber insurance costs.

After all, these plans allow a company to recover data and restore its activities whenever problems such as breakdowns, cyberattacks, and natural phenomena interrupt operations, avoiding financial losses.


3. Conduct Periodic Cybersecurity Assessments

To reduce cyber insurance costs, it is also recommended to assess the company’s cybersecurity regularly in order to identify possible threats early on and combat them.

 

4. Develop Training Programs to Increase Cyber Awareness

If you want to ensure the cybersecurity of your organization in order to reduce the costs of cyber insurance, it is not enough to invest in cutting-edge technology. It is also necessary to raise awareness and train your employees on the need to prevent malicious attacks.

In this sense, they should be aware of the risks involved in breaches of the organization’s and its customers’ data. 

5. Implement Cybersecurity Solutions Such as MFA and PAM 

According to information extracted from the Verizon Data Breach Investigation Report, 61% of cyberattacks are related to privileged credentials.

This justifies the need to invest in cybersecurity solutions such as multifactor authentication (MFA) and Privileged Access Management (PAM), for example senhasegura.

While the former applies at least two types of mechanisms to identify who tries to access a given online system, the latter controls the use of generic and privileged credentials, providing secure storage, access segregation, and full usage traceability.


What are the actions performed during a privileged access

Nowadays, cyber-attacks have become increasingly common and hit more and more companies, of all verticals and sizes. According to the SonicWall 2022 Cyber Threat report, the number of cyberattacks involving data encryption increased by 167% in 2021, reaching 10.4 million attacks. And they weren’t the only ones: Intrusion attempts increased by 11% and IoT malware was up 6% in 2021 compared to 2020.

And the cost of these attacks also follows this trend: according to IBM in its Cost of a Data Breach 2021 report, the average cost of a data breach was USD 4.24 million, up almost 10% compared to 2020. It’s worth remembering that privileged users are a major attack vector used by cybercriminals: according to Verizon Data Breach Investigation Report 2022, more than 40% of data breaches involved exploiting stolen high-privilege credentials.

And it’s no wonder that privileged credentials are also called the “keys to the kingdom.” After all, these credentials allow access to critical information and to modify settings in the environment. If compromised, they can cause significant damage to the organization, including affecting business continuity. For this reason, it is important for security leaders to implement processes, train people, and acquire tools to properly manage privileged access. This is called Privileged Access Management, or PAM. According to Gartner, by 2022, 70% of organizations will implement PAM practices for all their use cases, a 40% increase from 2020.

Implementing PAM allows organizations to effectively monitor their environment, as well as pinpoint who had access to which assets connected to the infrastructure. In this way, it is possible to protect the organization against threats – both internal and external – in addition to preventing malicious actors from gaining access to sensitive data through high-privilege accounts and enabling compliance with the latest cybersecurity regulations, including data protection laws such as LGPD, GDPR and CCPA. However, according to Gartner, mitigating risks associated with privileged access is virtually impossible without PAM solutions. These risks include, for example, the lack of visibility of assets, as well as of the traceability of actions performed through privileged credentials. It is worth remembering that Gartner elected PAM as the number 1 project in security for two years in a row.

To ensure maximum protection, we at senhasegura have developed an approach that covers the entire life cycle of privileged access, including the actions carried out before, during, and after the realization of privileged access. These actions range from discovering privileged credentials in the environment and provisioning them to verifying actions performed in the environment. In this article, however, we will focus on the “during” step, and explain in more depth the actions performed during privileged access.

These actions primarily concern what the user does during privileged access, after access has been provisioned and granted. A PAM solution in this case allows administrators to define which users (or groups of users) will be allowed to use a credential to access a device, system or application. During this access, it must be possible to record all activities carried out through privileged credentials. This means that administrators must be able to see what actions are being performed on the systems and devices managed by the PAM solution, in addition to video recording and logging all remote sessions performed on these devices. This ensures that all actions taken can be tracked and audited later, making it possible to determine the causes of a cyber incident or meet audit requirements.

In this case, the PAM solution must also be able to detect, respond to, and send alerts about any suspicious activity carried out through privileged credentials, based on their usage profiles. In this way, the security team can discover and stop an ongoing cyber attack.
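A minimal sketch of alerting on deviations from a credential's usage profile, added here as an illustration and not taken from any PAM product. The session records, host names and the four profile dimensions (user, source, hour range, program) are constructed assumptions.

```python
from collections import defaultdict

# Constructed history of privileged sessions:
# (credential, user, source host, hour of day in UTC, command)
HISTORY = [
    ("root@db-prod-01", "alice", "jump-01", 9, "systemctl restart postgresql"),
    ("root@db-prod-01", "alice", "jump-01", 14, "journalctl -u postgresql"),
    ("root@db-prod-01", "bob", "jump-01", 10, "systemctl status postgresql"),
    ("root@db-prod-01", "alice", "jump-02", 16, "journalctl -u postgresql"),
]

# Constructed sessions to evaluate against the learned profile.
NEW_SESSIONS = [
    ("root@db-prod-01", "alice", "jump-01", 11, "systemctl restart postgresql"),
    ("root@db-prod-01", "bob", "laptop-77", 3, "useradd svc_tmp"),
    ("root@db-prod-01", "carol", "jump-02", 15, "journalctl -u postgresql"),
]


def _program(command):
    # First word of the command line; empty string for an empty command.
    return (command.split() or [""])[0]


def build_profiles(history):
    """Learn, per credential, who uses it, from where, when, and to run what."""
    profiles = defaultdict(lambda: {"users": set(), "sources": set(),
                                    "programs": set(), "hours": set()})
    for cred, user, source, hour, command in history:
        profile = profiles[cred]
        profile["users"].add(user)
        profile["sources"].add(source)
        profile["programs"].add(_program(command))
        profile["hours"].add(hour)
    return dict(profiles)


def deviations(profile, session):
    """Return the reasons a session departs from the credential's profile."""
    _cred, user, source, hour, command = session
    if profile is None:
        return ["no baseline for credential"]
    reasons = []
    if user not in profile["users"]:
        reasons.append(f"new user {user}")
    if source not in profile["sources"]:
        reasons.append(f"new source {source}")
    low, high = min(profile["hours"]), max(profile["hours"])
    if not low <= hour <= high:
        reasons.append(f"hour {hour} outside {low}-{high}")
    if _program(command) not in profile["programs"]:
        reasons.append(f"new program {_program(command)}")
    return reasons


def triage(history, sessions):
    """Pair every session with its list of deviations (empty list = no alert)."""
    profiles = build_profiles(history)
    return [(s, deviations(profiles.get(s[0]), s)) for s in sessions]


if __name__ == "__main__":
    for session, reasons in triage(HISTORY, NEW_SESSIONS):
        print("ALERT" if reasons else "ok   ", session[1], session[2], reasons)
```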

In addition to privileged credentials, a PAM solution also allows for the management and protection of SSH keys, digital certificates and secrets in DevOps environments, enabling the implementation of DevSecOps. According to Gartner, by 2021, DevSecOps practices (i.e., the adoption of Security practices in Development and Operations processes) will be adopted by 60% of agile development teams, against 20% in 2019.

We have seen that the implementation of proper Privileged Access Management is impossible without specialized PAM tools. The tool chosen by the organization must consider all aspects of the privileged access lifecycle: from provisioning access to verifying all actions performed in the environment. In this way, it is possible for Information Security teams to adequately protect the “keys to the kingdom” against the actions of malicious agents, including internal threats. In times of data protection legislation, ensuring compliance with these regulations is more than reducing cyber risks: it is ensuring business continuity.


Achieving Sarbanes-Oxley (SOX) Compliance Using Cybersecurity Controls

The Sarbanes-Oxley Act (SOX) is primarily associated with business transparency and the use of accounting and financial controls to protect investors from fraudulent financial reporting. However, it is always important to remember the ever-increasing pivotal role cybersecurity plays in SOX as digitization continues to accelerate and cybersecurity threats, financial reporting, and auditors intersect.

After all, financial data is sensitive, and the financial industry has seen attacks from threat actors increase by 238% in 2020 alone.

Additionally, the 2021 Gartner Hot Spots report names cyber vulnerabilities as a primary area of risk that auditors need to address, stating that the threat has been further amplified by “large-scale remote work.”

With regulators taking these new and emerging threats to investors into consideration, companies and auditors need to be aware of evolving requirements to keep up with SOX compliance and cybersecurity practices to protect themselves from risks like these.

Even companies that do not operate in the US or engage with US clients should take note as SOX is becoming increasingly global, with the UK Financial Reporting Council (FRC) working on a UK equivalent.

Read on to find out what you need to do to achieve Sarbanes-Oxley compliance using cybersecurity controls.

What is SOX Compliance?

The Sarbanes-Oxley Act was introduced in the US in 2002. Congressmen Paul Sarbanes and Michael Oxley merged compliance law to improve corporate governance and accountability. This was done as a response to some of the big financial scandals that took place in previous years.

The details of SOX compliance are complex. SOX compliance refers to annual audits that take place at publicly traded companies, within which they are required by law to show evidence of accurate and secure financial reporting.

These companies are required to comply with SOX both financially and in IT. IT departments were affected by SOX as the Act changed the way corporate electronic records were stored and handled.

SOX’s internal security controls require data security practices and processes and complete visibility into interactions with financial records over time. Failure to comply with SOX is a serious matter, often resulting in large fines or potentially imprisonment for those responsible for the organization.

Who must comply with SOX?

All publicly traded companies in the US must comply with SOX, as well as any wholly-owned subsidiaries and foreign companies that are publicly traded and do business with the US.

Any accounting firms that audit companies bound by SOX are also, by proxy, required to comply. Other companies, including private and non-profits, are generally not required to comply with SOX, although adhering to it is good corporate governance practice.

There are reasons other than good business sense to comply with SOX even if your company is not listed on a stock exchange. SOX has some articles that state that if any company knowingly destroys or falsifies financial data, it can be punished according to the law.

Companies planning to go public, perhaps through an IPO (Initial Public Offering), should prepare to commit to SOX.

What are the benefits of SOX compliance?

SOX provides the framework companies need to follow to better manage their financial records, which in turn improves many other aspects of the company.

Companies that comply with SOX report that their finances are more predictable, which makes shareholders happy. Companies also report that they have easier access to capital markets due to improved financial reporting.

By implementing SOX, companies are safer from cyberattacks and the costly consequences of a data breach. Data breaches are difficult to manage and remediate, and companies may never recover from the damage to their brands.

SOX compliance builds a cohesive internal team and improves communication between teams involved in audits. The benefits of a company-wide program like SOX can have other tangible effects on the company – such as better communication and cross-functional cooperation.

In short, the benefits of SOX compliance are:

  • A reinforced control environment
  • Improved documentation
  • Greater involvement of the Audit Committee
  • Convergence opportunities
  • Standardized processes
  • Reduced complexity
  • Minimization of human error

What is the role of cyber security in SOX?

Companies need to remember that the scope of SOX only includes financial controls and therefore testing is limited to financial applications, servers, operating systems and databases within the scope of production.

There are many other servers and devices not reviewed for SOX compliance that could be compromised and in turn affect financial reporting. Thus, it is critical to take a holistic approach to security and internal audit that includes prevention, detection, and corrective controls to address cybersecurity risks.

Initially, internal auditors should incorporate cyber risks into their annual audit risk assessments and should interview key cybersecurity officials during the process. Now that boards are asking more questions about cyber risk and mitigation efforts, there is value in scheduling these meetings even more frequently.

Once cyber risks are identified and controls are designed, it is important to base your organization’s cyber and SOX controls on a cybersecurity framework, such as the NIST Cybersecurity Framework, to test and monitor the effectiveness of mitigation efforts.

The IT controls that companies review in SOX can be used across other applications and IT environments to strengthen their cybersecurity posture, including:

  • Using least privilege for access control.
  • Change network, application, firewall, database, and operating system administrator passwords regularly.
  • Password controls.
  • Restrict service accounts to only those with necessary privileges.
  • Segregation of Duties in Change Management and Access Modification.
  • App access review and certification.
  • Change management procedures.
  • Backup Procedures.

For direct evidence of SOX, companies must complete a SOX cybersecurity memorandum annually and consider additional controls. A cybersecurity memo should be completed by both internal and external IT auditors to assess how prepared the company is for a cyberattack.

These discussions often lead to how a company’s IT security and internal audit groups can benefit from each other. Based on the cyber discussions, obvious design gaps should be addressed, including issues such as limited cyber resources, lack of cyber risk assessment, lack of cyber maturity framework, poor cyber policies and procedures, inadequate cyber training, and understanding of the current state of the cyber program.

Disaster recovery is also starting to appear as a key SOX control, despite being historically seen as a corrective control and later outside the scope of SOX. The addition of this control includes additional focus on whether companies can recover their in-scope financial applications in the event of a cyberattack.


How to conduct a cybersecurity controls audit on SOX?

Auditing a company’s internal security controls is often the largest, most complex, and time-consuming part of a SOX compliance audit. This is because internal controls include all of the company’s IT assets such as workstations, hardware, software, and all other electronic devices that can access financial data.

SOX IT audits are focused on the following key areas:

Risk assessment and materiality analysis

Your organization needs to do a rigorous risk assessment that takes into account cybersecurity risks that fall under SOX. This approach will require cybersecurity expertise on audit teams and should also include executive and board-level information to help determine your organization’s definition of “material” cybersecurity risk.

To ensure you are covering a large number of bases, cybersecurity best practices recommend that you perform cybersecurity risk management using common frameworks like NIST and COSO to help you through the process.

When carrying out risk assessments, auditors should always examine how comprehensive and well-documented they are, as risk assessments are one of the key spheres that regulators and supervisory bodies will examine.

Fraud risk assessment

Make sure your organization has performed a thorough risk assessment for potential fraud activity to help with early detection and fraud prevention. The internal controls you are implementing should help prevent fraud and mitigate material impacts if they occur.

 

Implementing cybersecurity controls

After performing a risk assessment in which you have identified the cybersecurity risks, policies, and control solutions needed to comply with SOX, your company must implement these controls following industry standards.

Again, cybersecurity best practices recommend using a trusted framework such as the NIST Cybersecurity Framework (NIST CSF) as a foundation for designing Cyber SOX controls when starting to build a control environment.

Part of the implementation process will be training control owners on the purposes and reasons for controls and how they should communicate if a control fails or requires adjustment due to changes in the environment.

Monitoring and testing controls

Organizations should monitor and test the security controls they have implemented, performing periodic self-assessments, attestations, and other self-certifications. Audit teams can be a valuable resource in assessing the effectiveness of management programs and even provide practical, actionable areas to improve resilience if trained with this in mind.

It is important that you regularly test controls and continually monitor the security of your own infrastructure and that of your vendors to prevent data breaches, data leaks and cyber threats. Having an understanding of log management is important in this process.

Reports

It is important that staff and auditors are familiar with the SOX disclosure requirements, knowing the correct forms of communication and the steps needed to make timely and appropriate disclosure in the event of something like a data breach.

Defining communication guidelines and who needs to be informed is a key part of incident response preparation.

What are the penalties for non-compliance with the SOX?

Being deemed non-compliant with SOX can result in penalties such as:

  • Fines.
  • Removal from public stock exchanges.
  • Invalidation of civil liability insurance policies for directors and executives (D&O).

There are a number of sections that outline the penalties for being found to be non-compliant with SOX, such as:

  • Section 906, where filing and certifying a misleading or fraudulent financial report can incur fines of up to $5 million and result in a criminal penalty of 20 years in prison.
  • Section 802, where altering, falsifying, destroying or concealing financial records, documents or tangible objects to obstruct, impede or influence legal investigations can incur penalties of up to 20 years in prison. It also carries a penalty of up to 10 years in prison for accountants, auditors or others who deliberately violate the requirements of maintaining all audit or review papers for a period of 5 years.
  • Section 806, which protects whistleblowers from retaliation and further authorizes the US Department of Justice to criminally prosecute employers who retaliate against them.

For IT departments and executives, SOX compliance is an important ongoing concern. However, SOX compliance is more than just passing an audit. It involves defining data governance processes and procedures, and it brings a series of tangible benefits for your business.

According to a 2019 survey:

  • 57% of organizations benefit from improved internal controls over the financial reporting framework.
  • 51% have an improved understanding of control design and the operational effectiveness of the control.
  • 47% saw continuous improvement of business processes.

What are the key SOX compliance challenges for cybersecurity?

One of the biggest challenges is privileged users, who are often important and trusted company employees – the kind that don’t like to be questioned about potential fraudulent activity. To lessen the likelihood of this kind of necessary and uncomfortable questioning, IT departments often manage privileges by restricting and segregating them. Unfortunately, by restricting admin permissions, organizations are indirectly limiting productivity.

Monitoring privileged user database access is difficult, as the monitored users themselves often have the credentials needed to “beat the system” by deleting fraudulent logs they do not want to be seen. Again, however, restricting these credentials undermines efficiency, as administrators often use the database’s logging capabilities as a debug mechanism.

Another difficulty involves the need to audit access failures, whether they are invalid login attempts or unsuccessful attempts to retrieve privileged files. Either way, these types of activities are possible warning signs of fraudulent activity and must be tracked to satisfy SOX’s audit controls.

Additional challenges include monitoring schema modifications to ensure the veracity of the data structures being audited and monitoring privilege changes to maintain visibility into the user directory. It is also important to audit access to sensitive data tables and systems, such as SQL server events.

Other obstacles preventing SOX compliance for IT systems include insufficient database logs, ineffective data reporting, and poor event alerts.

The need to replay events by identifying key happenings in audit trails, archive each event for future audits, ensure the security of audit logs, produce scheduled reports for auditors, and stay constantly aware of potential warnings of fraudulent activity (such as repeated failed login attempts) makes life more difficult for IT administrators.
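The audit points listed above (failed logins, denied access to sensitive objects, schema modifications and privilege changes) can be reviewed with a small rule set over the event log. The following is an added example, not code from the original article; the pipe-delimited log format, the user names and the object names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events: timestamp|user|action|object|result
SAMPLE_EVENTS = """\
2021-06-01T09:00:05|jdoe|LOGIN|erp-db|FAILURE
2021-06-01T09:00:40|jdoe|LOGIN|erp-db|FAILURE
2021-06-01T09:01:10|jdoe|LOGIN|erp-db|FAILURE
2021-06-01T09:05:00|asmith|SELECT|gl.journal_entries|SUCCESS
2021-06-01T09:07:30|dba_admin|ALTER TABLE|gl.journal_entries|SUCCESS
2021-06-01T09:08:00|dba_admin|GRANT|role:db_owner to jdoe|SUCCESS
2021-06-01T09:30:00|asmith|SELECT|hr.payroll|FAILURE
2021-06-01T11:00:00|jdoe|LOGIN|erp-db|FAILURE
"""

SCHEMA_ACTIONS = {"CREATE TABLE", "ALTER TABLE", "DROP TABLE"}
PRIVILEGE_ACTIONS = {"GRANT", "REVOKE"}


def parse(text):
    """Yield (timestamp, user, action, object, result) for each log line."""
    for line in text.strip().splitlines():
        ts, user, action, obj, result = line.split("|")
        yield datetime.fromisoformat(ts), user, action, obj, result


def review(text, threshold=3, window=timedelta(minutes=5)):
    """Return (kind, user, detail) findings for an auditor to follow up."""
    findings, failures = [], defaultdict(list)
    for ts, user, action, obj, result in parse(text):
        if action in SCHEMA_ACTIONS:
            # Schema changes affect the structures being audited, so report all.
            findings.append(("schema_change", user, f"{action} {obj}"))
        elif action in PRIVILEGE_ACTIONS:
            findings.append(("privilege_change", user, f"{action} {obj}"))
        elif action == "LOGIN" and result == "FAILURE":
            # Keep only failures inside the sliding window, then add this one.
            recent = [t for t in failures[user] if ts - t <= window] + [ts]
            failures[user] = recent
            if len(recent) == threshold:  # report once when the threshold is hit
                findings.append(("repeated_login_failure", user,
                                 f"{threshold} failures within {window}"))
        elif result == "FAILURE":
            findings.append(("denied_access", user, f"{action} {obj}"))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_EVENTS):
        print(finding)
```

The isolated failure at 11:00 is not reported because it falls outside the five-minute window; the threshold and window are tuning choices, not values taken from SOX.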

Privileged Access Management as a solution to SOX Compliance

Many if not all of SOX’s general IT controls are associated with access management. For example, if the configuration of an application is part of an IT control, knowing who did the configuration (up to the point of auditing) is critical to maintaining strong controls.

The person who configures the applications and systems is a privileged user and has administrative access to the system. From this privileged position, the employee can add, edit or delete accounts or change settings that affect financial transactions.

For example, there may be control over who can post assets on the balance sheet. If this control can be manipulated without anyone’s knowledge, financial data could be corrupted, and this could be unintentional or deliberate. This is a recipe for serious fraud.

Companies that do not manage access well face some problems. In addition to an increased risk of cybersecurity breaches, there is also the likelihood that the SOX auditor will deem IT controls inappropriate.

A PAM (Privileged Access Management) solution provides a secure and simplified way to authorize and monitor all privileged users for sensitive systems, including systems involved in financial reporting.

PAM grants and revokes privileges to users for systems on which they are authorized. In addition, the solution centrally and quickly manages access to the type of heterogeneous systems that handle financial transactions and reports (e.g., General Ledger, ERP, billing, banking APIs, and others).

The PAM solution creates an unalterable audit trail for any privileged operation. This feature facilitates the SOX evidence and audit process.
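One common way to make an audit trail tamper-evident, so that a privileged user deleting or editing entries is detected, is to chain each entry to the previous one with a keyed hash. The following is an added illustration of that general technique, not senhasegura's implementation; the record fields and sample operations are constructed, and it assumes the HMAC key is held by a separate log collector that the monitored administrators cannot reach.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # fixed starting value for the chain


def _mac(key, prev_mac, record):
    # Each MAC covers the previous MAC, so an entry cannot be removed,
    # edited or reordered without breaking every later check.
    body = prev_mac.encode() + json.dumps(record, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def append(trail, key, record):
    prev = trail[-1]["mac"] if trail else GENESIS
    trail.append({"record": record, "mac": _mac(key, prev, record)})


def verify(trail, key, expected_len=None):
    """Index of the first entry that fails, len(trail) if entries are
    missing from the end, or None when the trail is intact."""
    prev = GENESIS
    for i, entry in enumerate(trail):
        expected = _mac(key, prev, entry["record"])
        if not hmac.compare_digest(entry["mac"], expected):
            return i
        prev = entry["mac"]
    # The chain alone cannot reveal a truncated tail; compare against an
    # entry count stored outside the log.
    if expected_len is not None and len(trail) < expected_len:
        return len(trail)
    return None


def sample_trail(key):
    # Constructed privileged operations, not real log data.
    trail = []
    for user, op in [("dba_admin", "GRANT db_owner TO jdoe"),
                     ("jdoe", "UPDATE gl.journal_entries"),
                     ("dba_admin", "REVOKE db_owner FROM jdoe"),
                     ("asmith", "SELECT gl.journal_entries")]:
        append(trail, key, {"user": user, "op": op})
    return trail


if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: kept on a separate collector
    trail = sample_trail(key)
    del trail[1]                   # an administrator removes one entry
    print("first broken entry:", verify(trail, key))
```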

Benefits of the senhasegura solution for SOX compliance

We offer a PAM solution to achieve SOX compliance in the IT department and beyond.

The senhasegura solution combines robust PAM features with unique ease of installation and use. An agentless architecture simplifies deployment and ongoing changes, while other PAM solutions require the installation of a dedicated software agent on each system where privileged access is being managed.

Ease of use and installation provide major benefits for SOX compliance. The Act has the potential to constrain agility if controls are too tight, and IT needs to be able to modify systems to keep up with business changes.

The senhasegura solution reinforces the internal controls and reporting requirements necessary for SOX compliance, going far beyond simply meeting the rules to implement an “inside-out” security approach that becomes part of your organization’s DNA.

For more information on how the senhasegura solution can help your company achieve SOX compliance, request a demo!
