Organisations Failing to Close-off the Risks of Legacy Privileged Accounts

Written by

If you are trying to compromise an organisation’s IT systems in some way, then you need to have access. Getting a given user’s log in details is a starting point but might not get you that far, unless they are a user with privilege. Privileged users have much wider ranging access than “normal” users, often far more than they need. Privileged user accounts are therefore of great interest to hackers.

A responsible system administrator (sys-admin) should at least have a strong password and keep it secret. However, it is clear from recent Quocirca’s research that there are likely to be plenty of privileged user accounts out there that are not even associated with active sys-admins, let alone responsible ones.

They fall into two categories:

  1. Default accounts supplied with software may be left in place; 58% of organisations confirmed that they did not have full control over the management of such accounts
  2. Accounts left in place when a privileged user leaves an organisation or moves to a position that no longer requires privileged access; 54% of organisation admitted they did not fully control the removal of such accounts

Default privileged user accounts can be searched for and closed down. Ensuring privileges are removed from users that are no longer needed can either be controlled by making the allocation of privileges an extension of standard identity and access management, or by granting all privileges on an “as needs” basis for a limited period of time through the use of password vaults.

This is not just an issue with regard to external hackers. Ask the French Bank Société Générale; the rogue trader Jérôme Kerviel, who lost it €4.9 billion, perpetrated his fraud and covered his actions for a couple of years because of privileged user access that he had been granted to carry out a previous IT administrator related job, which had not been revoked when he moved to the trading floor.

To see the full research behind this and get a free copy of Quocirca’s report – “Conquering the sys-admin challenge” – go to

What’s hot on Infosecurity Magazine?