When asked why he robbed banks, Willie Sutton allegedly quipped, “Because that’s where the money is.” The same thing could be said about why hackers go after privileged accounts.
The term “privileged accounts” refers to all of the administrator logins to servers, security systems, network devices, databases and applications. Hackers prize them because they provide virtually unfettered access to an organization’s systems and data. If a hacker can login as administrator, he can do pretty much anything he wants.
Clearly, protecting privileged accounts should be a top priority. However, a new study by Thycotic and Cybersecurity Ventures found that most organizations fail to follow best practices when it comes to privileged account security.
Of the 550 organizations surveyed, 30 percent said they allow privileged account credentials to be shared by multiple administrators, which makes it difficult to spot insider threats and control access when an administrator leaves the organization. Even more alarming, 20 percent said they have never changed the default passwords on privileged accounts. This leaves them extremely vulnerable because default passwords are very easy for cybercriminals to crack. In addition, 40 percent of organizations use default user IDs, giving hackers half the information they need to gain access to that account.
Increasing the security of privileged accounts begins with knowing what they are. Make a list of all the administrator credentials within your organizations, as well as logins for social media, cloud services and other critical applications. Also check for machine-to-machine accounts that allow devices and applications to communicate with one another — these often use weak, default passwords.
Because most privileged accounts require only a username and password, it’s important to make the passwords as robust as possible. Take steps to change all the passwords on your privileged account list, using a different strong password for each account. Some government and industry regulations, such as the Payment Card Industry Data Security Standard (PCI DSS), may also require multifactor authentication for privileged accounts.
In order to keep your privileged accounts secure, you should follow these best practices:
- Wherever possible, create unique credentials for privileged accounts. Associating access credentials with an individual user improves both security and accountability.
- Adopt a “least-privileged access” policy. In other words, err on the side of prohibiting administrator access rather than granting it.
- Establish checks and balances for password changes. By requiring multiple levels of approval you can prevent a disgruntled administrator from changing privileged account passwords and holding your organization hostage.
- Track access to privileged accounts and audit access logs regularly. This will help you monitor compliance with policies and procedures and spot potential security threats.
- Educate your team about the importance of privileged account security. Make sure they understand the reasoning behind access control policies and the role they play in preventing a security breach.
Most security breaches can be traced to compromised user credentials. If those credentials belong to an administrator account, a hacker could take control of your systems and network and access your most sensitive data. Let Atlantic-IT.net, your outsourced IT department, help you improve your security posture by protecting your privileged accounts.