One third of hackers said that a privileged access account is the easiest way to steal your data, according to a survey conducted by Thycotic at this year’s Black Hat conference. I’m surprised it was only a third of hackers who said this, considering that once you have someone’s credentials, you pretty much have the keys to the kingdom. It’s difficult to detect an intruder who has used legitimate credentials to gain access. As Joseph Carson, chief security scientist at Thycotic, said to me in an email conversation:
"A privileged account breach is the difference between a simple network breach and a cyber catastrophe. When a single system is compromised, it is typically easy to mitigate, isolate and eradicate that risk and restore. When a privileged account is breached, it can lead to a major catastrophe since it allows the attacker to access sensitive areas of the network. It is more difficult to isolate and eradicate, and it means if your domain admin was compromised, you might have to rebuild your entire Active Directory."
Thycotic conducted the survey in order to get a hacker’s perspective on what works and doesn’t work when it comes to protecting critical data. Privileged access was by far the favorite means of access by hackers, followed by access to user email. The results of the survey revealed how difficult it is for traditional perimeter security tools to be an effective barrier against hackers. They also show how difficult it can be to eradicate insider threats.
What can you do to protect your organization from privileged user abuse and threats? Carson provided the following tips to better protect your data from maliciously used credentials:
A password and Privileged Account Management (PAM) solution is the key to building a solid foundation to manage and secure privileged accounts: This helps organizations become more scalable and flexible when adopting new technologies. It is key to protecting critical assets and ensuring only trusted and authorized employees access the right data and systems.
Providing security awareness training to those who will be using and are accountable for privileged accounts: Your training should emphasize the critical importance of privileged account security and include IT security policies specific to your organization. Make sure you get buy-in and support from your executive team by educating them as well.
Look for tools that help you automate the discovery, security, and protection of privileged accounts: Any software tools you evaluate should give you the ability to continuously discover privileged accounts, store privileged account passwords in a safe “vault,” automatically rotate passwords regularly, and effectively monitor and report on privileged account activity.
Audit and analyze privileged account activity: Examine how privileged accounts are being used through audits and reports that help spot unusual behaviors that may indicate a breach or misuse. These automated reports also help track the cause of security incidents, as well as demonstrate compliance with policies and regulations. Auditing of privileged accounts gives you cybersecurity metrics that provide executives, such as the Chief Information Security Officer (CISO), with vital information to make more informed business decisions. The combination of auditing and analytics can be a powerful tool for reducing your privileged account risks and exposure to compromise.
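The discovery, vaulting, rotation and audit checks in the tips above can be combined into one report. The following is an added example, not code from the article, Thycotic or any PAM product; the account names, hosts, 30-day rotation policy and data shapes are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

MAX_PASSWORD_AGE = timedelta(days=30)  # assumed rotation policy

def audit(discovered, vault, baseline, logons, now):
    """Return sorted (finding, account, detail) tuples for privileged accounts.
    discovered: accounts found in privileged groups by a discovery scan
    vault:      account -> time of last password rotation in the vault
    baseline:   account -> (usual source hosts, usual logon hours)
    logons:     (timestamp, account, source host) authentication events
    """
    findings = set()
    for account in discovered:
        rotated = vault.get(account)
        if rotated is None:
            findings.add(("UNVAULTED", account, "privileged but not in vault"))
        elif now - rotated > MAX_PASSWORD_AGE:
            age = (now - rotated).days
            findings.add(("ROTATION_OVERDUE", account, f"{age} days old"))
    for ts, account, host in logons:
        if account not in discovered:
            continue  # only privileged accounts are in scope
        if account not in baseline:
            findings.add(("NO_BASELINE", account, host))
            continue
        hosts, hours = baseline[account]
        if host not in hosts:
            findings.add(("NEW_SOURCE_HOST", account, host))
        if ts.hour not in hours:
            findings.add(("OFF_HOURS_LOGON", account, ts.isoformat()))
    return sorted(findings)

# Constructed sample data (hypothetical accounts and hosts, not from the article).
NOW = datetime(2024, 6, 3, 12, 0)
DISCOVERED = {"da-alice", "svc-backup", "adm-legacy"}
VAULT = {"da-alice": datetime(2024, 5, 20), "svc-backup": datetime(2024, 1, 15)}
BASELINE = {"da-alice": ({"paw-01"}, range(7, 20)),
            "svc-backup": ({"bkp-01"}, range(0, 4))}
LOGONS = [
    (datetime(2024, 6, 3, 9, 5), "da-alice", "paw-01"),          # normal
    (datetime(2024, 6, 3, 2, 41), "da-alice", "hr-laptop-17"),   # odd host and hour
    (datetime(2024, 6, 3, 1, 0), "svc-backup", "bkp-01"),        # normal nightly job
    (datetime(2024, 6, 2, 23, 30), "adm-legacy", "web-03"),      # unmanaged account in use
    (datetime(2024, 6, 3, 10, 0), "jsmith", "hr-laptop-17"),     # not privileged
]

if __name__ == "__main__":
    for finding in audit(DISCOVERED, VAULT, BASELINE, LOGONS, NOW):
        print(*finding, sep=" | ")
```

The per-account baseline keeps the nightly service-account logon from being flagged while the same hour on a domain admin account is reported.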
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba