In theory, creating privileged access accounts for the most critical areas of your company’s network is supposed to add a layer of security to sensitive data or infrastructure. However, these accounts are difficult to completely lock down and thus could be a data vulnerability for many enterprises, says TechTarget’s SearchSecurity:
In the wrong hands, privileged accounts represent the biggest threat to enterprises because these accounts can breach personal data, complete unauthorized transactions, cause denial-of-service attacks, and hide activity by deleting audit data. Privileged accounts, such as the UNIX root, Windows Administrator accounts or accounts associated with database ownership and router access, are required for platforms to function. Moreover, they are required for ‘break the glass’ emergency access scenarios as well as more mundane day-to-day tasks.
A survey conducted by Thycotic of 201 hackers at Black Hat USA 2015 found most agreed that privileged accounts aren’t as secure as we think they are, and that little has been done to improve the security of such accounts in recent years. According to the survey, despite an increase in security spending, 75 percent of hackers haven’t seen any real change in the level of difficulty in compromising privileged account credentials. In fact, the vast majority said it may be even easier to hack into these accounts than it was just a couple of years ago.
So just how easy is it to attack privileged accounts? Nearly half of those surveyed said they were a favorite target when wanting to get direct access to large amounts of critical data. Why are they such a favorite entry point for hackers? Because they are easy prey: companies are doing very little to protect themselves or their data through these accounts, as a whopping 94 percent of those questioned said they often find privileged credentials in unprotected files.
Nathan Wenzler, senior technology evangelist at Thycotic, said in a release:
It is apparent that for all the new defensive solutions that have been introduced, we still haven’t cracked the code on how best to protect mission-critical data and company secrets, and in fact, in some cases we’re only adding additional layers of complexity which provide attackers more attack vectors to use to break in. It’s also clear from the data that even some of the most basic security practices are still not being enforced well enough by organizations and privileged login credentials are constantly left vulnerable to intruders.
If you want a solid example of why you may want to rethink the security surrounding privileged access accounts, it can be found in perhaps the largest (in terms of data compromised, at least) cyberattack in the country: the Office of Personnel Management attack. But it is also a problem we’re seeing over and over again with other breaches. As the Christian Science Monitor stated, we’re seeing this type of attack being used more frequently, and the reason is becoming clear: The attackers gain a foothold in the system because they appear to be there legitimately.
If you haven’t done so in a while, it may be time to rethink the security around your privileged accounts. How easy would it be for someone to slip into your critical infrastructure without being caught?
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba