Privileged Accounts: The Keys to the Kingdom
By Alan Ryan, Director of Security Practice at MTI Technology - 17 November 2015
The number of breaches detected in workplace security systems has increased by 38 per cent in the past year. Ashley Madison, Carphone Warehouse, and Sony Pictures have all fallen victim to high-profile data breaches in 2015.
Despite the barrage of media coverage surrounding breaches, many attacks still remain unreported. In fact, some attacks remain hidden for months or even years before any evidence of their existence is unearthed. According to American cyber security firm Mandiant, attacks go on for an average of 229 days before they are discovered on the affected networks. Once an attacker gains access to a system, they are able to cover their tracks so they are not detected, eliminating the idea of the “kill chain”.
Hackers are becoming increasingly sophisticated in their methods of attack. Advanced persistent threats (APTs), phishing, DDoS cover, and insider threats can be deployed at any time to target any company, regardless of its size.
Privileged account access
According to CyberArk, 80 to 100 per cent of breaches involve privileged accounts at some point during an attack. Privileged account users have direct access to crucial company data and IT systems, and have become a focal point for hackers.
Unauthorised access to critical systems is not only an external problem for companies. Insider threat emanates from individuals who have admin privileges and exploit this access for malicious purposes. An external attacker will act as an admin to gain access, whereas a malicious insider will use their own admin access - both result in damage to a company. Consequently, leaving privileged accounts unmonitored is where the real threat lies.
Privileged accounts: how to reinforce, detect and prevent further access
Once an attacker gains access to internal systems via a privileged account, they have access to critical data and systems. At this point, if the hacker is not detected, it’s too late to secure sensitive corporate information. When dealing with privileged accounts it’s important to consider the following to help deter unauthorised access:
- Identify who has access to a privileged account
The first step in revamping security protocols is to establish which user accounts have privileged access and for what purpose they have this access. Limiting privileges to only a few necessary individuals will reduce the potential for exploitation.
- Monitor admin accounts
It is important to know how these privileged accounts interact with data and internal systems. IT administrators should be looking out for admin users who display erratic behaviour, such as accessing a system from multiple points in the network. An admin account accessing a network from various global locations within a short period of time is a sign of fraudulent activity.
- Privileged passwords
Passwords are the gateway when accessing privileged accounts. Changing default passwords regularly, or using one-time passwords, can help protect these high-value accounts. Using different admin passwords on each system will also help to reduce the potential for attacks. Hackers thrive on default passwords that are obtainable from phishing scams or social engineering – do not make it easy for them! Encrypting privileged account passwords will help strengthen security.
- Governance and process
Develop and maintain a tight governance practice around access to data and systems. Remove admin accounts that display a lack of activity or are out of date. Penetration testing will also help to identify weak points in a network, but a regular review of processes surrounding privileged accounts can help to identify leavers, movers, and joiners.
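The "Monitor admin accounts" check above, an admin account appearing in distant locations within a short period, can be sketched as follows. This is an added example, not code from the article or from any vendor it mentions; the account names, coordinates, timestamps and the 900 km/h speed ceiling are constructed assumptions.

```python
import math
from datetime import datetime

# Constructed sample events (not real data): (account, ISO timestamp, latitude, longitude)
SAMPLE_LOGINS = [
    ("adm-jsmith", "2015-11-16T08:02:00", 51.5074, -0.1278),   # London
    ("adm-jsmith", "2015-11-16T09:10:00", 40.7128, -74.0060),  # New York, 68 minutes later
    ("adm-backup", "2015-11-16T07:00:00", 51.5074, -0.1278),   # London
    ("adm-backup", "2015-11-16T12:30:00", 53.4808, -2.2426),   # Manchester, 5.5 hours later
]

MAX_SPEED_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed
MIN_KM = 50.0          # assumed tolerance for geolocation error on simultaneous logins


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlam = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def impossible_travel(logins, max_speed_kmh=MAX_SPEED_KMH):
    """Flag consecutive logins by one account that imply a speed above the ceiling."""
    by_account = {}
    for account, ts, lat, lon in logins:
        by_account.setdefault(account, []).append((datetime.fromisoformat(ts), lat, lon))

    alerts = []
    for account, events in by_account.items():
        events.sort()  # chronological order per account
        for (t1, la1, lo1), (t2, la2, lo2) in zip(events, events[1:]):
            km = haversine_km(la1, lo1, la2, lo2)
            hours = (t2 - t1).total_seconds() / 3600
            if hours > 0:
                speed = km / hours
            else:
                # Same timestamp: only distant locations count as impossible
                speed = math.inf if km > MIN_KM else 0.0
            if speed > max_speed_kmh:
                alerts.append({"account": account, "from": t1, "to": t2,
                               "km": round(km), "kmh": speed})
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE_LOGINS):
        print(alert)
```

IP-based geolocation is approximate and VPN or proxy egress points will trip this check, so an alert is a prompt to review the session rather than proof of compromise.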
Make the most of a tight IT budget
According to Gartner, global IT security spending will reach an all-time high of $75.4 billion in 2015. This record investment corresponds to the increase in the number of hacks and an acceptance that security breaches are no longer just a threat, but a regular occurrence. PwC recently reported that nearly 90 per cent of large organisations surveyed suffered some form of security breach in 2015.
Smaller companies with fewer resources will have to prioritise areas of importance based on the potential for damage. Investing in better governance and processes as a company, rather than throwing products at privileged account security, is crucial when dealing with tight IT budgets.