February 28, 2017 (updated 01 Mar 2017 12:59pm)

Privileged Accounts Explained

CyberArk's Matt Middleton-Leal is next in the Tech Express hot seat, tackling the cyber security issue of Privileged Accounts.

By Ellie Burns

CBR: What are Privileged Accounts?

ML: Privileged accounts are valid credentials used to gain access to systems in the business. The difference is that they also provide elevated, non-restrictive access to the underlying platform that non-privileged accounts don’t have access to. These accounts are designed to be used by people, applications and machines to deploy and manage IT technology, such as operating systems, network devices, applications and more. They are the keys to the infrastructure, providing access to just about everything, often including the actual data residing on the systems – which is why they are the first thing that attackers and malicious insiders seek to compromise.

Matt Middleton-Leal, Regional VP for UK, Ireland and Northern Europe at CyberArk.

 

CBR: What can cyber attackers do once they have exploited them?

ML: Privileged accounts represent the largest security vulnerability an organisation faces today. In the hands of an external attacker or malicious insider, they allow attackers to take full control of an organisation’s IT infrastructure, disable security controls, steal confidential information, commit financial fraud and disrupt operations. Stolen, abused or misused privileged credentials are used in nearly all breaches.

 

CBR: What common methods do hackers use to try and obtain privileged credentials?

ML: An attacker’s first step might be targeting an endpoint, which is usually the main entrance point to the network and often has the easiest vulnerabilities to exploit. Verizon analysed 2,260 breaches and found that almost two-thirds of them were made possible by the use of weak, default or stolen passwords.

Other methods used by hackers include spearphishing, an incredibly effective email spoofing fraud attempt, as well as off-the-shelf or custom malware and identity theft.

Typically, an internet infrastructure as a whole will be probed for vulnerabilities, scanning for an access point to be used as a way in. Whatever method is used to compromise the privileged accounts, the goal is the same: to obtain credentials that can allow an attack to escalate.

CBR: What measures should companies put in place to secure their privileged accounts?

ML: There are a number of steps an organisation should take, starting with identifying and reducing the number of privileged accounts in the business. Often organisations have no idea, or vastly underestimate, the number of privileged accounts in their IT infrastructure. Each account that goes unnoticed is another vulnerability waiting to be exploited. Creating an inventory of these accounts is critical – once this is established, unnecessary accounts should be deleted.

Another important security policy to enforce is the principle of least privilege. This means only giving as much power to an employee as they need to do their job. In addition, standard users should only be given privileged access on a case-by-case, as-needed basis.

Secure credentials management and security is a must. Businesses should store privileged passwords in the most secure, encrypted vaulting system available and ensure that privileged account activity is carefully monitored.

 

CBR: What best practices should companies implement to maintain privileged security?

ML: Basic controls include minimising user privileges to reduce the attack surface, and managing privileged passwords. This includes creating one-time passwords, automatically changing them on a 30- or 60-day cycle, and – of course – making them as complex as possible.

It’s also just as important to monitor privileged accounts, which are consistently targeted by advanced insider and external attackers alike. Having advanced insider threat detection capabilities to recognise unusual activity will help companies to automatically detect and alert on high-risk privileged activity during user sessions and enable rapid response to in-progress attacks.
