We would like to keep you up to date with the latest news from Digitalisation World by sending you push notifications.
Digital Newsletter
Each week our editor Phil Alsop rounds up the most popular articles, videos and expert opinions. We compile this into a Digital Newsletter and send it straight to your inbox every week.
Digital Magazines
We'll let you know each time a new edition of Digitalisation World is released so that you're always kept up-to-date with the latest and greatest news and press releases.
Video Magazines
The Digitalisation World Video magazine contains the latest Zoom interviews with experts in the industry.
While complete security assurance is never truly possible, this does not mean that it is inevitable that an attacker will wreak havoc in the organisation’s systems and cause serious harm to the business.
An intrusion is never a good thing, but the preparedness of a company will make the difference between a minor security incident which can be contained and managed, and a complete cyber catastrophe. The ability to detect active threats and a solid incident response plan will mitigate the impact and cost of a breach. However, it is the way a company has structured and managed its sensitive data and user accounts that will often be the deciding factor in the damage an intruder is capable of inflicting.
The threat posed by privileged access
In 2017, Thycotic surveyed 300 hackers to find about their preferred routes to reach sensitive data, and 32 percent said that accessing a privileged user account was the easiest and fastest method of attack.
This is because privileged users provide a fast track to a data jackpot. These ‘superusers’, have many advanced permissions and powers; from creating and modifying other user accounts, logging into all machines in the environment, accessing sensitive data, and even making major changes to the network infrastructure. Privileged accounts are an essential building block of the IT world and include those used by both humans and applications to run services requiring specific permissions.
Unauthorised access to just one of these accounts represents one of the biggest threats an organisation can face, as privileged powers can be exploited to carry out a number of different malicious actions. Attackers will be able to bypass numerous security controls that restrict normal user accounts, enabling them to freely travel the system to install malware or copy, manipulate and destroy sensitive and mission critical data anywhere on the network.
Attackers can also use the account’s elevated powers to erase audit trails and destroy evidence of their activity, making it much easier to facilitate a cyber threat.
Pass the password
An organisation’s ability to protect its privileged user accounts from being compromised by cyber criminals can be a deciding factor in whether a breach spirals out of control to be a catastrophic incident that inflicts major damage on the company. Despite the potential threat posed by elevated users however, a worrying number of organisations fail to secure their privileged accounts effectively. In many cases, companies do not fully understand how super users function and the damage that can be inflicted if access falls into the wrong hands.
Like a normal user account, privileged accounts use passwords to control access. Unfortunately, the majority of companies still struggle with good password management, and privileged accounts are usually just as poorly secured as any other. Industry analysts estimate that 60 to 80 percent of all security breaches involve the compromise of user and privileged account passwords.
It’s all too common to find that privileged accounts are managed using basic passwords across multiple systems or are set to defaults that are never changed. An elevated account with “Admin” and “Password123” as its login credentials can be instantly accessed by an attacker, and automated tools can be used to go through accounts and quickly discover other simple passwords.
The details of privileged accounts are also often freely shared around the organisation, which means a cybercriminal can compromise a normal account and discover they’ve hit the jackpot because the user has an email in their inbox listing super user credentials.
PAM to the rescue
While a compromised privileged account represents a huge threat to an organisation, the good news is that some simple best practice steps can go a long way to keeping them from falling into the wrong hands.
The Privileged Access Management (PAM) strategy needed to keep these accounts safe should begin with an audit to assess how many elevated users the organisation has and how they are used. Privileged accounts should be kept secure, and organisations should disable any that are redundant.
The capabilities of existing accounts also need to be assessed and limited as much as possible. No single account should be able to access all systems simultaneously, and privileged user sessions should be given strict time limits. Organisations can also implement a monitoring scheme to track any session that accesses sensitive data or essential systems.
Alongside the activity of the accounts, access also needs to be closely guarded, and passwords need to be complex and changed regularly. This will prevent cybercriminals from brute forcing their way into a privileged account or using old login details stolen from another user. Similarly, the IT and security teams need to implement strict policies about sharing a super user’s details.
This makes it much more difficult for an intruder to move through the system and access mission critical data and applications. A security incident can take its toll on organisations of all sizes, but a well-managed PAM strategy can prevent a minor breach from becoming a major catastrophe.
