Kevin Corbett, director of federal sales at CyberArk (Nasdaq: CYBR), has said government agencies seeking to protect data and information systems from cyber threat actors should work to reduce the attack surface by putting a limit on the number of privileged accounts.
Corbett wrote that threat actors use privileged accounts to wreak havoc on an agency’s information technology systems.
He noted that agencies should implement an adaptive approach that allows them to restrict the extent of access to networks and monitor the log-in activity of a privileged account in a service or shared account.
“For a high-value asset, an agency might create a dual-approval process so that if a privileged account wants to make changes to a system, a message is automatically sent to a group of approvers,” he wrote.
He also called on agencies to deploy resilient platforms that adapt to evolving technology environments.
