Cyber attackers target privileged accounts, and organizations with weak security practices can easily fall prey to privileged identity theft: the compromise of privileged account credentials. Armed with credentials to administrative and service accounts with access to critical IT assets, an attacker can steal data on an industrial scale. If you look at the ten biggest data breaches in history, seven were either suspected or explicitly known to have involved privileged identity theft.
It’s easy to look to technology to harden privileged accounts against attackers, but process changes are just as important because technology alone won’t save your organization. These are some straightforward process changes that can reduce the risk of a successful attack:
You can’t defend what you don’t know exists. Establishing a comprehensive and up-to-date list of privileged accounts allows organizations to implement security measures on all of their accounts. As IT environments grow, the number of administrative, service and other types of privileged accounts can proliferate. In large enterprises, getting a handle on privileged accounts can be difficult, but it’s worth the effort.
Limit the scope of each privileged account across the infrastructure to enforce the principle of least privilege: each account should have exactly the minimum rights required to carry out a specific task. For example, an account set up for administering an application should not have any system privileges beyond what is needed to make changes to the application’s configuration and to restart the application. On a similar note, avoid enabling accounts on systems where they are not needed.
In today’s business environment, organizations experience constant change when it comes to identity and access management. Employees come and go, and change roles as projects begin and end. This constant change can lead to security gaps. Inadequate offboarding often creates a situation in which credentials still exist for employees who have left the company or changed positions. In the case of contractors, this situation may be more difficult to manage, particularly if they only required access for a fixed-term project.
Companies with a mature security posture usually implement a formal password policy for privileged accounts. The policy should include changing default passwords as a matter of course and implementing strong passwords. It should also prohibit sharing of passwords for privileged accounts. These seem like obvious recommendations, but companies large and small still fail to take these steps, making life easy for hackers.
Most users accessing privileged accounts such as administrative and service accounts will do so to complete their daily tasks. Like anyone, privileged users want to work as efficiently as possible and are just as prone to the temptation of taking shortcuts when it comes to security. Educating employees on security policies and encouraging good behavior can go a long way to mitigating risks.
These five process improvements can yield big results in making privileged identity theft more difficult for hackers. In our latest white paper, Understanding Privileged Identity Theft, we show why privileged account credentials are a target for criminals, how they are compromised, how current methods fail, and what measures you can take to stop these threats. You can download it here.