By: Andrew Clarke, director of strategic alliances & channel partnerships, One Identity.
Within the VDBIR, one of the factors that continues to plague the public sector are breaches that use privileged credentials, either by misuse or by error – with that alone accounting for 30% of breaches. This arises due to uncontrolled and unmanaged privileged accounts – or the accounts required for critical administrative tasks. These are often performed by third parties and therefore become even more difficult for organisations to manage on their own. One such aspect that is re-enforced in the report is uncontrolled access to privilege/administrative accounts. When a hacker gets access to such an account, they can probe weaknesses and execute privilege commands that sow the seeds for continual intrusions, many that go undetected for months… or even years.
Furthermore, in the 2019 VDBIR, consideration is given to the principles that result in an organisation being hacked. Although perimeter defences still play a vital role in protecting an organisation, once inside, a malicious actor has scope to take advantage of any open doors. Everyone is aware that perimeter defences play an important role in deterring cybercriminals from targeting their domain, but by using a combination of tactics, threats and procedures (TTPs) as outlined in the VDBIR, when these are defeated, the cybercriminal is then able to take advantage of insufficient controls across the company network. Usually, privileged access is located and from there and the position is escalated, allowing them to map out the entire network and provide a route to extract data.
There have been many examples in the media in the past few years where this has been seen to be the underlying cause of high-profile enterprise attacks. This type of risk can be easily mitigated by the introduction of a privileged password safe – which protects access to the privileged account alongside privileged session management – that provides individual accountability for those that have legitimate access – but protects access to critical assets and systems.
The key security measure that stops this in its tracks is privileged access management – asserting control and management over the powerful administrative accounts that facilitate the access resulting in head-line making damage to business and reputation.
As undetected privilege misuse is a key factor that plays out time and time again, a crucial takeaway from the report is that once a privilege account has been compromised, it can be used repeatedly.
Another way organisations can get smarter with security is by implementing a layer of privileged account analytics within their business. Such technology enhances security by using behaviours and machine learning algorithms to detect known and unknown bad behaviour instead of pre-determined patterns which can only detect known bad behaviour. With this in place, the different behaviour displayed by a malicious actor will be detected and alerted – and a previously undetected attack vector is removed.
What this report makes abundantly clear is that privileged access management is a foundational security control that no one should overlook.