How to Prevent Privileged User Account Breaches
February 8, 2017
Today’s blog is brought to you by Ryan Conley, an Account Executive at Brite Computers.
Most big breaches over the past 2 years can be tied back to mismanaged privileged account credentials. In the Target breach, someone gained access to a privileged account through the company’s HVAC contractor. Home Depot fell prey to a similar attack when a hacker used a person’s username and password to gain access to the network and deploy custom-built malware that collected credit card data.
The CIS Critical Security Controls (CIS Controls) recently moved “Controlled use of Administrative Privileges” into the top five in the new release (V6.1). This reprioritization gives us insight into new attack trends and the ways in which cybercriminals are infiltrating organizations today.
Why are attackers inside and outside the enterprise zeroing in on privileged accounts?
There are a couple of reasons why this has become the preferred method of hackers:
- Privileged accounts are everywhere: in every networked device, database, application, server and social media account, on premises, in the hybrid cloud and in OT/SCADA systems
- Privileged accounts have all-powerful access to confidential data and systems
- Privileged accounts have shared administrative access, making their users anonymous
- Privileged account users are granted access rights that are typically too broad, far beyond what is needed for the user to perform their job function
- Privileged accounts are not actively monitored or audited and are therefore insecure.
All predictions point to privileged account abuse worsening in the future unless organizations take action now. In most cases, a single privileged user account in the hands of an attacker can allow them to move throughout an organization, disabling security controls and gaining access to many of the organization’s “crown jewels”.
So, how can privileged account user access be controlled and secured?
Best practices suggest thinking carefully about who has access to these accounts and applying additional controls to them:
- Limiting privileged access to only those who require it to perform their job functions
- Performing background checks on individuals with elevated access
- Implementing additional logging of activity associated with privileged accounts
- Maintaining accountability by never sharing privileged accounts
- Using stronger passwords or other authentication controls to protect privileged accounts from unauthorized access
- Regularly reviewing accounts for privileges and removing those no longer required.
CIS Control 5.2 suggests: “Use automated tools to inventory all administrative accounts and validate that each person with administrative privileges on desktops, laptops, and servers is authorized by a senior executive.”
Automating security controls is the next evolution in dramatically reducing today’s most pervasive and dangerous attacks.
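One way to automate the CIS Control 5.2 check quoted above, shown as an added example (not code from Brite, CIS or CyberArk): it reconciles an inventory of administrative accounts against an authorization register and also flags shared and unused accounts from the best-practice list. The hostnames, account names, field names and the 90-day threshold are all constructed assumptions.

```python
from datetime import date

# Constructed sample inventory: one row per administrative account per host,
# as an inventory tool might export it. All values are made up.
INVENTORY = [
    {"host": "srv-db01", "account": "jsmith-adm", "owner": "jsmith", "last_used": "2017-02-01"},
    {"host": "srv-db01", "account": "administrator", "owner": None, "last_used": "2017-02-06"},
    {"host": "lt-0042", "account": "mlee-adm", "owner": "mlee", "last_used": "2016-08-15"},
    {"host": "srv-web02", "account": "contractor1", "owner": "hvac-vendor", "last_used": "2017-02-07"},
]

# Constructed authorization register: (owner, host) pairs signed off by an executive.
AUTHORIZED = {("jsmith", "srv-db01"), ("mlee", "lt-0042")}

STALE_AFTER_DAYS = 90  # assumed review threshold, not taken from the CIS text


def review_admin_accounts(inventory, authorized, today, stale_after=STALE_AFTER_DAYS):
    """Return a sorted list of (host, account, finding) tuples."""
    findings = []
    for row in inventory:
        key = (row["host"], row["account"])
        if row["owner"] is None:
            # No named individual behind the account: it is shared, so nobody is accountable.
            findings.append(key + ("shared-no-owner",))
        elif (row["owner"], row["host"]) not in authorized:
            # A named person holds admin rights on this host without a recorded approval.
            findings.append(key + ("not-authorized",))
        idle = (today - date.fromisoformat(row["last_used"])).days
        if idle > stale_after:
            # Privilege that is no longer exercised is a candidate for removal.
            findings.append(key + (f"stale-{idle}d",))
    return sorted(findings)


if __name__ == "__main__":
    for host, account, finding in review_admin_accounts(INVENTORY, AUTHORIZED, date(2017, 2, 8)):
        print(f"{host:10} {account:14} {finding}")
```

In practice the inventory rows would come from whatever tool enumerates local and domain administrator group membership, and the register from the approval workflow.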
Wondering how to secure your privileged user accounts through automation? Check out an eBook from our partner CyberArk: The Balancing Act: The CISO View on Improving Privileged Access Controls.