When trying to gain access to your company’s IT systems, hackers prefer to target accounts with privileged administrator rights. However, many businesses take a lackadaisical approach to managing the security of these accounts.
The fact that admin accounts frequently outnumber ordinary user accounts by up to four times in many organisations is further good news for hackers, who are constantly seeking to maximise the disruption they cause.
“In many organisations, our experience shows time and again that these accounts are not well managed, giving hackers (internal and external) the perfect way in – it’s akin to giving the keys of the castle away at the local market raffle,” says Nigel Lewis.
Intelligence, phishing, escalation
Typically, the attack begins with intelligence gathering, which lets the perpetrators craft phishing emails aimed at gaining access to admin accounts. Once a system has been infiltrated, the criminals harvest credentials so that they can escalate their privileges.
This pattern has featured in many high-profile breaches, one of the most notable being the attack on RSA in 2011.
“If hackers are able to gain control of a privileged account,” says Higgins, “they are able to bypass most conventional security controls to access and exfiltrate data and then delete the evidence.”
Reducing your exposure
There are a number of security measures that businesses should take to make it harder for attackers to access privileged accounts.
1. Always take the security and confidentiality of privileged accounts seriously: never share login information, and do not let passwords stay static, which means changing them on a regular basis.
2. Put controls in place that make it harder for hackers to get in and reach sensitive data, such as multi-factor authentication and continuous user monitoring. Contact us for more details.
3. Enforce a least-privilege policy, ensuring that each user is granted only the minimum level of access needed to carry out their role.
4. Wherever possible, segregate privileged accounts for high-risk or high-value systems: for instance, the admin of the payment system should not also be the admin of the “supplier” system, and the admin for internal systems should not hold admin rights on public-facing systems. This segregation and compartmentalisation of privileges stops an attack on one system turning into a network-wide security failure.
5. System account passwords: these accounts carry strong rights and privileges and are more often than not forgotten. Their passwords should be changed, and that change enforced, on a regular basis; there are some excellent cost-effective tools that make this very simple.
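As an added illustration of measures 3 to 5 (not code from this article or from any product it refers to), the following Python script audits a constructed inventory of accounts: it reports the ratio of accounts holding admin rights to ordinary ones, flags any principal that is admin on both sides of an assumed segregation boundary (the payment/supplier pair, and internal versus public-facing zones), and lists privileged accounts whose passwords are older than an assumed 90-day rotation policy. Every account name, system name, zone assignment and date below is invented; in practice the inventory would be exported from your directory or privileged-access tooling.

```python
"""Audit a privileged-account inventory against simple segregation and rotation rules.

All data and policy values here are constructed for illustration (hypothetical).
"""
from collections import defaultdict
from datetime import date

AUDIT_DATE = date(2024, 7, 1)   # constructed "today" so the sample run is deterministic
MAX_PASSWORD_AGE_DAYS = 90      # assumed rotation policy for privileged accounts

# Hypothetical system-to-zone map: internal and public-facing admins must not overlap.
ZONE = {
    "payments": "internal", "suppliers": "internal", "hr": "internal",
    "web-portal": "public", "api-gateway": "public",
}
# Systems whose admins must be different people (assumed policy, measure 4).
SEGREGATED_PAIRS = [("payments", "suppliers")]

# Constructed inventory: one row per (account, system) assignment.
SAMPLE_ACCOUNTS = [
    {"account": "alice", "kind": "user", "system": "payments", "role": "admin", "pw_set": date(2024, 5, 1)},
    {"account": "alice", "kind": "user", "system": "suppliers", "role": "admin", "pw_set": date(2024, 5, 1)},
    {"account": "bob", "kind": "user", "system": "hr", "role": "admin", "pw_set": date(2024, 4, 20)},
    {"account": "bob", "kind": "user", "system": "web-portal", "role": "admin", "pw_set": date(2024, 4, 20)},
    {"account": "carol", "kind": "user", "system": "hr", "role": "user", "pw_set": date(2024, 6, 1)},
    {"account": "svc-backup", "kind": "system", "system": "payments", "role": "admin", "pw_set": date(2022, 1, 15)},
    {"account": "svc-deploy", "kind": "system", "system": "web-portal", "role": "admin", "pw_set": date(2024, 6, 10)},
]


def admin_systems(accounts):
    """Map each account name to the set of systems on which it holds an admin role."""
    held = defaultdict(set)
    for row in accounts:
        if row["role"] == "admin":
            held[row["account"]].add(row["system"])
    return held


def admin_to_user_ratio(accounts):
    """Distinct accounts with any admin role, divided by distinct accounts with none."""
    admins = set(admin_systems(accounts))
    everyone = {row["account"] for row in accounts}
    non_admins = everyone - admins
    return len(admins) / max(len(non_admins), 1)


def find_segregation_violations(accounts, pairs=SEGREGATED_PAIRS, zone=ZONE):
    """Return (account, reason) for principals that bridge a segregation boundary."""
    findings = []
    for account, systems in sorted(admin_systems(accounts).items()):
        for left, right in pairs:
            if left in systems and right in systems:
                findings.append((account, f"admin on both {left!r} and {right!r}"))
        zones = {zone.get(system, "unknown") for system in systems}
        if {"internal", "public"} <= zones:
            findings.append((account, "admin on internal and public-facing systems"))
    return findings


def find_stale_privileged_passwords(accounts, today=AUDIT_DATE, max_age=MAX_PASSWORD_AGE_DAYS):
    """Return (account, system, age_days) for admin accounts past the rotation deadline.

    A password belongs to the account, not the assignment, so each account is reported once.
    """
    stale, seen = [], set()
    for row in accounts:
        if row["role"] != "admin" or row["account"] in seen:
            continue
        seen.add(row["account"])
        age = (today - row["pw_set"]).days
        if age > max_age:
            stale.append((row["account"], row["system"], age))
    return stale


def run_audit(accounts):
    """Collect the three checks into one report dictionary."""
    return {
        "admin_to_user_ratio": admin_to_user_ratio(accounts),
        "segregation_violations": find_segregation_violations(accounts),
        "stale_privileged_passwords": find_stale_privileged_passwords(accounts),
    }


if __name__ == "__main__":
    report = run_audit(SAMPLE_ACCOUNTS)
    print(f"admin-to-user ratio: {report['admin_to_user_ratio']:.1f}")
    for account, reason in report["segregation_violations"]:
        print(f"SEGREGATION  {account}: {reason}")
    for account, system, age in report["stale_privileged_passwords"]:
        print(f"STALE PASSWORD  {account} on {system}: {age} days old")
```

On the constructed data the script reports a 4.0 admin-to-user ratio, flags `alice` (admin of both the payment and supplier systems) and `bob` (admin of an internal and a public-facing system), and lists the forgotten `svc-backup` service account whose password has not changed in over two years; the same checks run unchanged over a larger export, and the pair list and zone map are the only pieces that need adapting to your own environment.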
Please call or email us for more information on privileged account management and best practices.