
Privileged Access Management Market To Hit $7B USD By 2028

PAM spending is on the rise. Sponsored by senhasegura

Charlie Osborne, Cybercrime Magazine Editor-at-Large

London – Oct. 26, 2023

“We predict that the global market for privileged access management (PAM) solutions will reach $7 billion USD by 2028, up from $3.5 billion USD in 2023, based on 15 percent year-over-year growth,” says Steve Morgan, founder at Cybersecurity Ventures and editor-in-chief at Cybercrime Magazine.

As our world increasingly becomes digital, modern-day organizations rely on technological innovations to operate and succeed on a global scale.

However, as our networks expand, so does the need for protection, with mobile applications, software suites, endpoint devices, cloud platforms, data repositories, and more all becoming potential entry points for exploitation.

To address the challenge of securing increasingly complex infrastructure, business leaders must now take a multi-faceted approach to security to reduce the risk of data exposure, theft, insider threats, and cybercrime at large.

With the cost of cybercrime expected to grow by 15 percent annually over the next five years, reaching $10.5 trillion USD by 2025, according to Cybersecurity Ventures, cybersecurity has become a priority for IT teams and in the boardroom.

Given the high stakes, privileged access management (PAM) solutions are pivotal to safeguarding corporate data and assets. PAM tools ensure that only authorized users have access to systems and information, preserving system integrity and reducing the risk of a data breach caused by unauthorized intruders or insider threats.



WHAT IS PRIVILEGED ACCESS MANAGEMENT?

Privileged access management (PAM) is the practice of monitoring privileged account usage through the oversight of human operators, tools, and technology, including automatic solutions.

PAM offerings have existed for several decades, although many today, having begun as basic password vaults or simple account monitoring procedures, are unrecognizable compared to their humble beginnings.

Modern threats require modern solutions. With organizations today facing everything from phishing campaigns to state-sponsored groups focused on intellectual property and consumer data theft, PAM solutions have adapted and evolved to meet the requirements of businesses determined to protect their assets and prevent unauthorized, privileged access to their networks and resources.

Privileged accounts are necessary for business operations. After all, employees who need access to critical data and systems cannot effectively perform their tasks if access is inappropriately restricted.

However, providing everyone with privilege levels beyond the scope of their roles and needs unnecessarily expands the attack surface.

PAM solutions assist organizations in monitoring how privileged accounts are used, and by whom, and can detect suspicious behavior that may be linked to malicious activities.

Rule implementation and privilege assignments, depending on employee roles, are important elements of PAM technologies.

Suppose a privileged account user accesses, downloads, or changes the permissions of corporate resources outside of their usual scope. The account may be compromised and in use by an outsider, or the employee could have become an insider threat. In any case, the organization has the opportunity to contain the security incident.

PAM solutions are as varied as the threats they have been designed to mitigate. PAM offerings are dedicated to securing and controlling access to privileged networks, assets, data, and other resources, but they may also include functionality commonly associated with Privileged Identity Management (PIM). Noteworthy features may include:

Privileged account management: At their core, PAM solutions should have the capability to manage employee access to sensitive assets, networks, and systems by assigning and monitoring privileged accounts. This can include access to domains, intellectual property, cloud repositories, and confidential data.

Account administration: PAM solutions can give their handlers control over account creation and deletion — the latter of which is crucial to avoid abandoned, privileged accounts being abused. Administrators may also be able to automate facets of account management, as well as give — or restrict — privileges on temporary accounts, such as those used by contractors and third parties.

Credential management: PAM suites are often used to store and manage credentials including usernames and passwords, as well as perform key rotations, all of which can reduce the risk of account compromise.

Policies: PAM solutions can also enforce security policies, including the use of multi-factor authentication (MFA), strong credential use, and password complexity levels. Furthermore, PAM software can implement different policies based on an individual’s role and required level of privileges.

Session monitoring: Typically, PAM solutions can monitor user sessions in real time. Organizations aiming to detect and prevent unusual or suspicious activity benefit from such monitoring, as it allows security teams to swiftly take action to prevent or mitigate cybersecurity incidents as they occur.

Pattern recognition: Modern authentication and privilege management solutions will harness next-generation technologies, including artificial intelligence (AI) and machine learning (ML) to streamline privilege management processes. Furthermore, AI and ML can be utilized in pattern and anomaly detection, improving the likelihood of identifying unauthorized access.

Remote access: PAM tools may implement security controls and checks for authorized remote access. With many employees contracted to remote or hybrid roles, ensuring privileged remote access is authorized is essential to business security. 

Compliance: PAM solutions can enhance productivity by taking over repetitive and time-consuming tasks related to compliance, such as with data protection laws. It may also be possible for controllers to generate PAM log reports for auditing purposes.



THE IMPORTANCE OF PRIVILEGED ACCESS MANAGEMENT

“It is precisely because privileged credentials offer such powerful access to critical resources that they are one of the favorite targets of malicious attackers,” says Marcus Scharra, co-founder and CEO of senhasegura.

Privileged access management solutions are essential to protect corporate networks, assets, and data.

An attacker who obtains access to a privileged account on a target network is an enterprise organization’s worst nightmare. When threat actors have access to resources, whether applications, software development environments, intellectual property and research, customer data, or access to high-level domain administration and functions, the consequences of intrusion can be catastrophic.

Consider a scenario in which an external attacker obtains stolen credentials for an account belonging to a manager. The level of access associated with the employee could be utilized to intentionally cause harm to the organization, or alternatively, could lead to cyber espionage and data theft.

As the attacker moves laterally across the network, weak spots could be exploited, permissions and security settings tampered with, and email accounts compromised, opening avenues for BEC scams, malware deployment, and more.

Furthermore, threats can also emerge from the inside. Insider threats originating from privileged accounts are more challenging to detect, as the security risk is already present on internal networks.

Insiders may be disgruntled employees, malicious members of staff transitioning to new companies who are tempted to take valuable data with them for an advantage in the job market — or they simply may be individuals who act in a negligent way, causing accidental security breaches.

Privileged access management solutions can minimize the risk of external actors, malicious actors, and non-malicious actors causing security incidents. PAM is central to reducing the attack surface, and while it is not possible to stop an organization from being targeted, it is possible to reduce the array of potential entry points available to cybercriminals.

The adoption of PAM can create and manage environments where access to resources and assets is only available at the correct times, to authorized people. Furthermore, by monitoring user behavior and patterns, analysts are given the opportunity to rapidly handle emerging insider threats.

In comparison, if privilege levels are unmonitored, security and authorization weaknesses are not being addressed, leading to potential attacks, theft, and failures in compliance and auditing.

THE THREAT LANDSCAPE

The cyber threat landscape is in a constant state of evolution. Every day, we hear of data breaches, stolen customer records, identity theft, and ransomware — but in many cases, one component ties them all together: the human element.

According to Verizon, 74 percent of all breaches involve people. Accidents and social engineering feature in the firm’s research, but in 49 percent of cases, credentials are involved, whether stolen or due to privilege misuse.

Privilege misuse is extremely problematic in the cybersecurity realm. Below are examples of how privileges and credentials can be abused, leading to serious cybersecurity incidents.

  • US Air Force: 21-year-old U.S. Airman Jack Teixeira stands accused of leaking scores of classified documents to the internet, including Discord servers, thereby breaching the Espionage Act. An investigation into how the cyber transport systems journeyman had access to such sensitive information has been launched.
  • Microsoft: Since May 2023, threat actors have been accessing customer email accounts through Outlook Web Access (OWA) in Exchange Online, with numerous organizations impacted. Data has been exfiltrated and analysts suspect Chinese involvement.
  • Acer: This year, Acer detected unauthorized access to “one of their document servers for repair technicians,” leading to the exfiltration of a 160GB database, later put up for sale on the Dark Web.
  • Cryptocurrency mining: In 2022, a former tech worker was convicted for building and deploying a tool to scan Amazon Web Services accounts for misconfigurations. She then accessed these accounts to download data from multiple organizations, including Capital One bank, and planted cryptocurrency mining software.
  • Elliott Greenleaf: Elliott Greenleaf filed a lawsuit against former lawyers working for the Pennsylvanian firm, accusing them of stealing files, destroying documents, and deleting emails when they left to join rival firm Armstrong Teasdale.
  • Twitter: In 2020, Twitter employees were targeted in a social engineering campaign. The phishing attempt resulted in the accounts of high-level users, including Elon Musk, Bill Gates, and U.S. President Joe Biden, becoming compromised and used to promote a Bitcoin scam.
  • EnerVest: After learning he was due to be fired in 2012, a former network engineer at EnerVest remotely accessed the firm’s systems and reset network servers to factory settings, essentially wiping out access to data and applications. EnerVest was unable to function for 30 days and the engineer was sentenced to four years in prison.

STATISTICS TO KNOW

  • External threat actors are responsible for 83 percent of breaches, whereas insiders account for 19 percent, according to Verizon’s 2023 Data Breach Investigations Report.
  • A survey conducted by the Identity Defined Security Alliance (IDSA) indicates that 84 percent of organizations have experienced an identity-related breach in the last year. In total, 78 percent of respondents cited a direct business impact as a consequence.
  • Ponemon Institute research estimates the average business losses due to authentication weaknesses ranged from $39 million USD to $42 million USD in 2022. Additionally, 66 percent of IT security staff claim it is difficult to separate employees and customers from threat actors utilizing stolen credentials.
  • Mandiant research indicates that stolen credentials were leveraged more often in attacks in 2022 than during the year prior.
  • In 2022, Microsoft tracked 1,287 password attacks per second, equating to over 111 million attacks daily.
  • Research conducted by Hornetsecurity suggests that over a third of companies do not provide cybersecurity awareness training to remote employees, despite 74 percent of staff having access to critical data.
  • The World Economic Forum’s Global Cybersecurity Outlook 2023 report indicates that 20 percent of business leaders believe artificial intelligence (AI) and machine learning will have the greatest influence on their cyber risk strategies over the next two years, followed by cloud technology (19 percent) and advances in user identity and access management (15 percent).
  • An estimated 62 percent of large organizations have adopted multi-factor authentication, according to Zippia.


TRENDS IN THE PRIVILEGED ACCESS MANAGEMENT SPACE

Privileged Access Management is crucial for defending against modern-day attackers, and now that its importance has been recognized, the industry is moving at breakneck speed.

Technological innovations and security enhancements are developing in the PAM arena in response to growing enterprise demand for identity and access management solutions, the adoption of zero-trust approaches, and regulatory changes.

The most notable trends changing the face of Privileged Access Management solutions today:

Zero-trust, last-minute access controls: The concept of a zero-trust security model has gained traction in recent years. Zero-trust does not assume any level of trust and requires all users to be authenticated and verified before access is granted to sensitive networks or resources. Zero-trust principles meld with the principles of PAM, as privileged access may be requested from all areas: BYOD personal devices, remote workers, third-party contractors, in-office staff, consultants, and more.

New authentication solutions: PAM solutions are also changing in light of evolving authentication solutions, and they must integrate new verification methods as a result. These include multi-factor authentication (MFA), physical YubiKeys, single sign-on services, and biometrics.

Artificial intelligence: Artificial intelligence (AI) and machine learning (ML) technologies allow for many repetitive tasks, including account management and data analysis, to be automated. This unburdens human operators, can improve the detection rate of suspicious and potentially malicious actions, and may reduce the likelihood of errors when managing privileged accounts.

Behavioral analytics: Due to automation, AI, and ML, PAM solutions now often integrate advanced behavioral analytics functionality. It can be difficult for overstretched IT teams to detect patterns of behavior considered abnormal for privileged account holders, but the right solution can flag up suspicious or unusual network activity in real time.

Remote and hybrid workforces: Post-pandemic, many organizations today have employees outside of the traditional office. The long-term — and, perhaps, permanent — inclusion of remote employees in corporate networks can have ramifications for security, especially when different locations and time zones have to be served. It is crucial that remote, privileged access is effectively monitored.

The cloud: With the rising adoption of cloud technologies, PAM solutions are following suit and are now available as on-premise and off-premise options, with the latter hosted in the cloud. PAM also has a role to play in protecting cloud-hosted resources.

Regulatory concerns: Organizations are being held to a higher security and data protection standard than ever before. The emergence of new and updated regulations, including the EU’s GDPR and HIPAA, alongside U.S. presidential orders designed to improve national cybersecurity, requires companies to adhere to compliance requirements. Auditing can be time-consuming and difficult, but PAM solutions can streamline the process.

HOW PAM MITIGATES CYBERATTACKS

“Identity compromises have been on the rise. […] If you have anything that touches the external world — domain controllers, email — those are all potential vectors of entry by attackers,” says Ping Look, director, Training and Communications, Microsoft Detection and Response Team (DART).

Privileged access management solutions are key components of a robust, successful security strategy in light of modern-day cyberattacks and the sheer number of potential attack vectors.

As an initial entry point into a target network, compromised privileged accounts delight cybercriminals, as they already have the permissions and access rights necessary to conduct cyberespionage, data theft, or to cause severe damage to corporate networks and resources.

PAM solutions, when coupled with complementary security methods and systems including identity and access management (IAM) suites, endpoint detection and response (EDR) tools, modern authentication practices such as MFA, and passwordless functionality, are crucial to creating a layered approach to defense that reduces an organization’s overall attack surface.

Cybercrime will continue to impact businesses worldwide in the years to come. Solid identity and authentication measures, including PAM solutions, now need to be prioritized in boardroom discussions.

A proactive approach to authentication and privileged access management ensures that organizations mitigate the risk of intrusion, are able to adhere to rising compliance standards, and can rapidly respond to security events as they occur. 


SPONSORED BY SENHASEGURA 

For senhasegura, protection, access, and confidentiality of privileged information are fundamental rights of any organization and society as a whole. Our mission is to help organizations build sovereignty and security over access and privileged information.

We strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.
