Universities turn to privileged access management as they adopt Essential Eight cybersecurity strategies
The education sector continues to be a key target for a cyber attack, according to cloud identity security solutions firm ThycoticCentrify.
In the second half of 2020, the Asia Pacific education sector experienced a 21% increase in cyberattacks, compared with just an average 3.5% increase across all other sectors.
Inr esponse, ThycoticCentrify announced that it is working with Australian universities to adopt the federal government's Essential Eight cyber mitigation strategies.
A new case study demonstrates how one of ThycoticCentrify's customers, Victoria University, has implemented privileged access management strategies a key part of the Essential Eight to improve its cybersecurity posture.
ThycoticCentrify has a number of other higher education customers in Australia following a similar path, with security initiatives becoming more urgent after high-profile data breaches in the sector. It is estimated that more than 80% of successful data breaches including the cyberattack on the Australian National University revealed in 2019 target privileged accounts.
Privileged access management works by restricting the data access that systems users have to a minimum. It also safeguards passwords and other credentials associated with administrator and other privileged accounts often called the keys to the kingdom and monitors their use to detect suspicious behaviour.
According to ThycoticCentrify, universities are adopting privileged access management to improve cybersecurity because:
- It is a newer, more effective and generally less widely implemented strategy than many previously employedIt is a key part of the Essential Eight cyber mitigation strategies, which prevent the vast majority of cybersecurity incidents
- Universities need to demonstrate progress in adopting the Essential Eight, which privilege management allows them to do relatively easily
- Privilege management solutions like ThycoticCentrify's are more mature, cost-effective, easier to adopt, and less disruptive to staff than many alternative solutions
When Nitin Singh, Director, VU Cyber for Victoria University, first evaluated strategies to improve VU's security posture, he identified governance, management and visibility around privileged user and account management as key challenges.
He said that historically, password and access management for privileged users across VU was manual, inconsistent and lacked oversight and audit controls. Singh also found that use of shared and default credentials across privileged accounts posed a significant risk, making VU an easy target for cyber threats.
"We've overcome these challenges by adopting a practical, rational and risk-based approach," says Singh.
"Our mantra of using fit-for-purpose technology solutions led us to Thycotic. We were able to start small, get our IT staff comfortable with the product and are now expanding use of Thycotic across our critical business applications," he says.
"Thycotic's Secret Server solution has become much more than a privileged credential vault. We are now planning to extend its use for access governance, session recording and integration with our Security Information and Event Management solutions.
"It has brought in much needed simplification and consistency, along with strengthening VU's security posture."
Andrew McAllister, Adelaide-based VP for ThycoticCentrify Asia Pacific, says many Australian universities are now well down the privilege management path.
"Most start with the discovery of key accounts and password management making sure credentials cannot be exposed to attackers," he says.
"They quickly progress to monitoring suspicious use of privileged accounts and, over time, restricting access to a minimum."
Scott Hagenus, senior sales manager for emt Distribution, a rhipe company, which manages ThycoticCentrify's distribution channel in Australia and New Zealand, says the Essential Eight and many, if not all, of the Australian Government Information Security Manuals mitigation strategies are key to higher education institutions ensuring a consistent approach to threat mitigation.
"ThycoticCentrify meets this challenge head on when it comes to privilege access and activity," he says.
"Channel partner companies play a vital role in strengthening cyber security.
"The understanding and close connection with the various models our education institutions have coupled with the incredibly strong backing ThycoticCentrify give their channel perfectly places our partners to assist higher education get the best privilege access controls in place, that fit their needs."