Cyber attackers target privileged accounts, and organizations with weak security practices can easily fall prey to privileged identity theft: the compromise of privileged account credentials. Armed with credentials to administrative and service accounts with access to critical IT assets, an attacker can steal data on an industrial scale. If you look at the ten biggest data breaches in history, seven were either suspected or explicitly known to have involved privileged identity theft.
It’s easy to look to technology to harden privileged accounts against attackers, but process changes are just as important because technology alone won’t save your organization. These are some straightforward process changes that can reduce the risk of a successful attack:
Understand the size of the target
You can’t defend what you don’t know exists. Establishing a comprehensive and up-to-date list of privileged accounts allows organizations to implement security measures on all of their accounts. As IT environments grow, the number of administrative, service and other types of privileged accounts can proliferate. In large enterprises, getting a handle on their privileged accounts can be difficult but it’s worth the effort.
Limit the size of the target
Limit the scope of each privileged account across the infrastructure to enforce the principle of least privilege: each account should have exactly the minimum rights required to carry out a specific task. For example, an account set up for administering an application should not have any system privileges beyond what is needed to make changes to the application’s configuration and to restart the application. On a similar note, avoid enabling accounts on systems where they are not needed.
Delete accounts and privileges that are no longer required
In today’s business environment, organizations experience constant change when it comes to identity and access management. Employees come and go, and change roles as projects begin and end. This constant change can lead to security gaps. Inadequate offboarding often creates a situation in which credentials still exist for employees who have left the company or changed positions. In the case of contractors, this situation may be more difficult to manage, particularly if they only required access for a fixed-term project.
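An added example, not part of the original article: one way to find the leftover access described above is to reconcile the privileged-account list against HR records. The roster, account names, and field names below are constructed for illustration and assume each privileged account records an owner and the role it was granted for.

```python
from datetime import date

# Constructed sample data (hypothetical names and fields, not from any real system).
HR_ROSTER = {
    "alice": {"status": "active", "role": "dba", "contract_end": None},
    "bob": {"status": "terminated", "role": "sysadmin", "contract_end": None},
    "carol": {"status": "active", "role": "developer", "contract_end": None},
    "dave": {"status": "active", "role": "contractor", "contract_end": date(2024, 3, 31)},
}

# Privileged accounts: owner plus the role the access was granted for.
PRIVILEGED_ACCOUNTS = [
    {"account": "adm-alice", "owner": "alice", "granted_for_role": "dba"},
    {"account": "adm-bob", "owner": "bob", "granted_for_role": "sysadmin"},
    {"account": "adm-carol", "owner": "carol", "granted_for_role": "sysadmin"},
    {"account": "adm-dave", "owner": "dave", "granted_for_role": "contractor"},
    {"account": "svc-backup", "owner": None, "granted_for_role": None},
]


def review_accounts(accounts, roster, today):
    """Return {account: reason} for every privileged account needing review."""
    findings = {}
    for acct in accounts:
        name, owner = acct["account"], acct["owner"]
        person = roster.get(owner) if owner else None
        if person is None:
            # No accountable owner: the access cannot be tied to a current need.
            findings[name] = "no owner on record"
        elif person["status"] != "active":
            findings[name] = "owner has left the company"
        elif person["contract_end"] and person["contract_end"] < today:
            findings[name] = "contract ended"
        elif person["role"] != acct["granted_for_role"]:
            findings[name] = "owner changed role"
    return findings


if __name__ == "__main__":
    for account, reason in review_accounts(
        PRIVILEGED_ACCOUNTS, HR_ROSTER, date(2024, 6, 1)
    ).items():
        print(f"{account}: {reason}")
```

Accounts that come back with a finding are candidates for removal or re-approval; an unowned service account is flagged first because nobody is accountable for its credentials.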
Implement a formal password policy
Companies with a mature security posture usually implement a formal password policy for privileged accounts. The policy should include changing default passwords as a matter of course and implementing strong passwords. It should also prohibit sharing of passwords for privileged accounts. These seem like obvious recommendations but companies large and small still fail to take these steps, making life easy for hackers.
Prevent users from taking shortcuts
Most users accessing privileged accounts such as administrative and service accounts will do so to complete their daily tasks. Like anyone, privileged users want to work as efficiently as possible and are just as prone to the temptation of taking shortcuts when it comes to security. Educating employees on security policies and encouraging good behavior can go a long way to mitigating risks.
These five process improvements can yield big results in making privileged identity theft more difficult for hackers. In our latest white paper Understanding Privileged Identity Theft we show why privileged account credentials are a target for criminals, how they are compromised, how current methods fail, and what measures you can take to stop these threats.