Don’t Let Privileged Accounts Be a Privilege to Outsiders

Privileged accounts are essential to businesses both big and small, but these accounts pose a greater security threat than meets the eye.

Sometimes, clicking on a malicious link is all it takes to bring a company to its knees. While it may seem like an obvious trigger that should be avoided, recent research from Verizon’s 2018 Data Breach Index Report shows that 4% of employees always click on malicious links. That small number can have a high negative impact on an organization, especially when company-sensitive data such as personal and financial information is compromised.

What’s more, the average time between sending the email and receiving a click is just 16 minutes. Implementing the appropriate security controls can help organizations reduce the risk from these 16 minutes and ensure cyber-criminals don’t get a free pass to wreak havoc within the corporate network.

Preventing Privileged Identity Theft 
Privileged accounts hold the keys to highly sensitive company information, and once these credentials are targeted, they can easily open the gate to a company’s most valuable assets.

Breaches of this nature are typically performed by determined external cyber-criminals who gain access via privileged account credentials. Privileged identity theft can hit a company hard on numerous levels, including both cost and reputation. The type of data stolen often includes highly personal data like credit card details, user accounts, and health records, to name just a few.

Damage created by privileged identity theft, however, can be significantly reduced when companies take the time to layer their security controls, going beyond basic password management. Knowing who can access privileged accounts is no longer enough, and quite frankly, it never was.

Additional and more detailed steps must be taken to ensure that threats are detected before they escalate into full-blown attacks. Understanding where to start can be a challenge, but taking time to implement the appropriate controls can save businesses both big and small a world of irreparable damage.

Protecting Privileged Accounts
Since privileged accounts are only intended to be used by trusted, VIP users, such as sys admins, third-party IT providers or contractors, it is vital to provide training on risk assessment and mitigation. Trusted team members with access to sensitive data should understand what to look for and should have the authority to flag suspicious activity.

Furthermore, implementing multi-layered security features will help them keep all systems running with a reduced risk of derailment. To mitigate vulnerabilities, having updated (or patched) operating systems, applications and firewalls is also essential; running on outdated technology is an open invitation to cyber-criminals.

On a simpler note, passwords should still be changed and randomized often, and should be coupled with multi-factor authentication for all accounts, those of both privileged and average users.

Additionally, privileged sessions must be inspected. As part of a privileged access management program, every privileged session should be recorded and stored, and the risky ones should be examined for suspicious activity. This inspection can help prevent malicious actions or, in case of an incident, dramatically reduce the time needed to find the root cause of the problem.

Regular inspections also can save a company by reducing the likelihood of sensitive data slipping through the cracks, since someone is far more likely to notice even the most subtle hiccups when attention to detail is in place. Taking a closer look at these privileged sessions can take time, but consider for a moment the time that attackers spend when homing in on a target. They lurk, they escalate privileges, and they sniff out valuable data to steal.

High-profile breaches such as those at the US government’s Office of Personnel Management (OPM), Sony and Target went undetected for months while attackers moved freely and planned exfiltration of high-value assets.

According to the latest Verizon DBIR, 68% of breaches took months or longer to discover. It only makes sense that an organization’s security controls should include the same diligence that a criminal would take in attempting an attack.

Privileged User Behavior Analytics
Implementing privileged user behavior analytics can add another layer of support for protection, as it monitors and analyses privileged users’ activities, and detects unusual behavior to help prevent theft.

By collecting users’ “digital footprints,” advanced machine learning algorithms build a baseline of each user’s activities, against which anomalies can be detected in real time – a true blessing in the case of those aforementioned 16 minutes. Malicious insiders acting oddly or the lateral movements of external attackers can be revealed.

Furthermore, it prioritizes the riskiness of behaviors that may lead to security issues and focuses on potentially high-risk situations and activities to improve the efficiency of security teams as well.
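
The session inspection and behavior baselining described above can be sketched as follows. This is an added illustration, not code from the article or from any product: it builds a per-user baseline from recorded privileged sessions and ranks new sessions so the most unusual are examined first. It uses simple smoothed frequency counts rather than the machine learning the article mentions, and the field names, hosts and sessions are constructed.

```python
import math
from collections import Counter, defaultdict

FEATURES = ("hour", "source", "target")

def session(user, hour, source, target, commands):
    # Bucket the login hour into four 6-hour blocks so 09:00 and 10:00 match.
    return {"user": user, "hour": hour // 6, "source": source,
            "target": target, "commands": commands}

# Constructed sample data: past recorded sessions of one privileged account.
HISTORY = [session("dba_admin", h, "jump-01", "db-prod", ["psql", "pg_dump"])
           for h in (9, 10, 11, 14, 15, 16, 9, 10)]
# Constructed new sessions to score against that history.
NEW = [session("dba_admin", 10, "jump-01", "db-prod", ["psql"]),
       session("dba_admin", 3, "vpn-ext-44", "hr-files", ["psql", "scp"])]

def build_baseline(history):
    """Per-user counts of each session attribute and each command seen."""
    baseline = defaultdict(lambda: defaultdict(Counter))
    for s in history:
        profile = baseline[s["user"]]
        for f in FEATURES:
            profile[f][s[f]] += 1
        for cmd in s["commands"]:
            profile["command"][cmd] += 1
    return baseline

def surprise(counter, value):
    """Surprisal in bits; add-one smoothing keeps one slot for unseen values."""
    total = sum(counter.values())
    return -math.log2((counter[value] + 1) / (total + len(counter) + 1))

def score_session(baseline, s):
    """Higher score = further from this user's own past behaviour."""
    profile = baseline.get(s["user"])
    if profile is None:
        return float("inf")  # privileged account with no history at all
    score = sum(surprise(profile[f], s[f]) for f in FEATURES)
    if s["commands"]:  # the single rarest command drives the command term
        score += max(surprise(profile["command"], c) for c in s["commands"])
    return score

def rank_for_review(baseline, sessions):
    """Order sessions so reviewers see the most unusual ones first."""
    return sorted(sessions, key=lambda s: score_session(baseline, s), reverse=True)

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for s in rank_for_review(base, NEW):
        print(f"{score_session(base, s):6.2f}  {s['source']} -> {s['target']}")
```

Scores are relative to each account's own history, so a review threshold has to be tuned per environment rather than copied from this sketch.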

Reclaiming Control 
Control is a vital matter when it comes to the amount of access hackers can potentially gain within a network. While certain industries will feel a greater impact than others, it is in the best interest of every organization to safeguard themselves and to tighten security protocols around privileged accounts. Sectors such as banking, healthcare, retail, and any business that holds financial or personal data should be on high alert when putting new measures into place.

Above all, privileged accounts could use better protection. In the wake of so many breaches, taking additional steps to tighten and layer security controls is no longer an option; it is a requirement.
