It’s always easy with hindsight, but today it seems clear that the cyber criminals behind many of the recent, high-profile data breaches weren’t necessarily computer geniuses. Just good opportunists. They were able to exploit human nature and take advantage of an open door they knew they’d find. Let me explain.
These hackers use creative social engineering tactics like targeted spear-phishing emails that lure unsuspecting users to open a malicious attachment. Then, the attackers deploy zero-day malware onto a user’s computer.
From that single computer, hackers can exploit unsecured privileged credentials to take control of systems throughout the victim’s network. They map the IT infrastructure and extract sensitive information. Simple, but effective.
Potentially vulnerable privileged identities exist throughout the network. That includes on operating systems, in network appliances and backup systems, and in line-of-business software.
The credentials that control access to privileged accounts are ultimately the main obstacle standing between hackers and your organization’s private data. All too often, however, these credentials are not secured, monitored and audited.
Why Privileged Accounts Are at Risk
Privileged accounts aren’t even recognized by Identity and Access Management (IAM) systems, so most organizations have no automated management of them.
IT security regulations—mandated by government and industry groups alike—require organizations to frequently update privileged credentials and audit their use. But updating these credentials manually or with scripts often proves too time-consuming and error-prone to be practical.
To further complicate the process, manual changes can cause service outages if personnel fail to account for interdependencies between different privileged accounts. Therefore, many organizations simply ignore the problem.
Unfortunately, privileged account security risks don’t stop at your data center door. More and more of the shared services that your organization probably uses—including cloud services, certificate authorities and financial service gateways, to name a few—may have weak privileged account security.
The shared privileged logins used by service provider staff are an attractive target for a hacker. Especially since a compromised login can expose the private data of scores of corporate customers.
Protecting Against the Privileged Credential Hacking Threat
Although securing your privileged accounts might seem daunting, you can start to take control in just three steps.
Step 1. Find the keys. You need to carry out a top-to-bottom audit of your network to determine exactly where your privileged accounts reside. This should include cataloging whether the logins are unique and complex, and whether they are changed often enough to be secure.
Step 2. Lock the doors. If needed, you should deploy the basic automation necessary to close any discovered security holes. Privileged identity management solutions secure these accounts in large enterprises, and they can do so in days rather than months.
Step 3. Secure the windows. There’s no point securing your network if critical external elements are left vulnerable. Demand that your key business partners—including cloud service providers, certificate authorities and others—prove that they’re compliant with meaningful mandates like the Consensus Audit Guidelines.
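To make Step 1 and Step 2 concrete, here is an added example (not code from the original post or from any product it refers to). It runs the three Step 1 checks over a constructed inventory of privileged logins, flagging credentials that are shared across hosts, too simple, or not rotated within a policy window, and then builds a rotation order that honors the interdependencies the earlier section warns about, so that rotating one credential never silently breaks a service that stores it. Host names, account names, secrets, dates, the 90-day window and the 12-character complexity rule are all assumptions chosen for the example.

```python
"""Audit a privileged-credential inventory and plan dependency-aware rotation.

Added example with constructed data; in a real audit the secrets would come from
discovery tooling or a vault, never from literals in a script.
"""
from collections import defaultdict, deque
from datetime import date
import hashlib
import re

# Constructed sample inventory: one record per privileged login found on a host or
# appliance. "depends_on" lists the logins whose credential this account embeds
# (e.g. a service account that stores the database root password).
INVENTORY = [
    {"host": "db01",  "account": "root",          "secret": "Summer2020!",     "last_rotated": date(2020, 6, 1), "depends_on": []},
    {"host": "db02",  "account": "root",          "secret": "Summer2020!",     "last_rotated": date(2020, 6, 1), "depends_on": []},
    {"host": "fw01",  "account": "admin",         "secret": "admin",           "last_rotated": date(2019, 1, 15), "depends_on": []},
    {"host": "app01", "account": "svc_backup",    "secret": "Zq7$kLm2!pW9r",   "last_rotated": date(2024, 4, 1), "depends_on": ["db01:root"]},
    {"host": "app01", "account": "svc_reporting", "secret": "Tr4#vB8nQ!e2Xs",  "last_rotated": date(2024, 4, 1), "depends_on": ["app01:svc_backup"]},
]

MAX_AGE_DAYS = 90            # assumed rotation policy
TODAY = date(2024, 6, 1)     # fixed so the example is deterministic


def key_of(rec):
    return f'{rec["host"]}:{rec["account"]}'


def fingerprint(secret):
    """Hash so reuse can be detected by comparing digests instead of cleartext."""
    return hashlib.sha256(secret.encode()).hexdigest()


def is_complex(secret):
    """Assumed rule: 12+ characters with lower, upper, digit and symbol classes."""
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return len(secret) >= 12 and all(re.search(p, secret) for p in classes)


def audit(inventory, today=TODAY, max_age_days=MAX_AGE_DAYS):
    """Return {'host:account': [problems]} for every login failing a Step 1 check."""
    by_fp = defaultdict(list)
    for rec in inventory:
        by_fp[fingerprint(rec["secret"])].append(key_of(rec))
    findings = {}
    for rec in inventory:
        key, problems = key_of(rec), []
        shared = [k for k in by_fp[fingerprint(rec["secret"])] if k != key]
        if shared:                                   # not unique
            problems.append("shared with " + ", ".join(shared))
        if not is_complex(rec["secret"]):            # not complex
            problems.append("weak")
        if (today - rec["last_rotated"]).days > max_age_days:   # not rotated
            problems.append("stale")
        if problems:
            findings[key] = problems
    return findings


def dependents_of(inventory, key):
    """All logins that embed `key`'s credential, transitively. Each of these must be
    updated in the same change window or the service using it breaks."""
    uses = defaultdict(list)
    for rec in inventory:
        for dep in rec["depends_on"]:
            uses[dep].append(key_of(rec))
    seen, queue = [], deque(uses[key])
    while queue:
        k = queue.popleft()
        if k not in seen:
            seen.append(k)
            queue.extend(uses[k])
    return seen


def rotation_plan(inventory, findings):
    """Step 2 input: flagged logins in dependency order (a credential is rotated before
    any account that embeds it), each with the dependents to update alongside it."""
    keys = [key_of(r) for r in inventory]
    deps = {key_of(r): list(r["depends_on"]) for r in inventory}
    indeg = {k: len(deps[k]) for k in keys}
    queue, order = deque(k for k in keys if indeg[k] == 0), []
    while queue:                                     # Kahn's topological sort
        k = queue.popleft()
        order.append(k)
        for other in keys:
            if k in deps[other]:
                indeg[other] -= 1
                if indeg[other] == 0:
                    queue.append(other)
    if len(order) != len(keys):
        raise ValueError("dependency cycle in inventory; resolve before rotating")
    return [(k, dependents_of(inventory, k)) for k in order if k in findings]


if __name__ == "__main__":
    found = audit(INVENTORY)
    for k, probs in found.items():
        print(f"{k}: {'; '.join(probs)}")
    for k, deps in rotation_plan(INVENTORY, found):
        print(f"rotate {k}, then update: {deps or 'nothing'}")
```

Running it lists both database roots as sharing one weak, stale password, flags the firewall admin login, and shows that rotating db01:root also requires updating the backup and reporting service accounts that embed it, which is exactly the interdependency that causes outages when rotation is done by hand.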
Hackers have demonstrated that they can penetrate any corporate network. Many organizations seem to be reeling from the severity of the situation. Some have responded with confusion as they hurry to latch the doors while leaving the keys in the locks.
Your data center relies on privileged identities to function. That’s not going to change. Failure to protect these accounts by implementing a least privilege model, however, will leave your private data exposed. We’ve explained the risks, but taking action is up to you.
Want more tips for securing your privileged credentials? Get our white paper, Best Practices in Privileged Identity Management.