Privileged accounts are a security necessity in all enterprise IT environments. To keep business networks and systems operational, IT administrators are given elevated privileges to better manage the environment. While these administrators possess special access to the environment, they are often the individuals targeted by cyber criminals. One such method of breaching privileged access accounts is through phishing scams. In Australia alone, there were over 24,000 reported cases of phishing attacks in 2018 resulting in losses of more than AU$930,000.
In addition to the threat of privileged accounts being breached by hackers, there is the inherent risk of a data breach caused by human error. An employee could knowingly or unknowingly abuse the elevated power entrusted to them. An infamous example was when a former Facebook employee was caught rifling through users’ personal profiles for personal amusement.
A further challenge IT professionals face when trying to secure privileged access accounts is the sheer volume of users and the various systems that enterprise businesses use. Many systems access the same credentials, making it difficult to keep networks secure.
In an attempt to mitigate any cyber-attacks, IT professionals must stay vigilant and stay ahead of hackers. While there are never any guarantees when it comes to cyber security, organisations can follow five steps that will help keep them five steps ahead of a breach.
Step 1: Catalogue all privileged accounts, user names and systems associated with them
In order to mitigate the risks of privileged accounts, businesses must first know how many accounts are in use across the entire network and which users need access to them. A detailed inventory is a valuable first step.
With a comprehensive list of all privileged accounts and the users and systems that have access to them, an organisation can accurately assess where it is most vulnerable to internal or external security breaches and accurately prioritise the necessary effort to investigating and protecting against those vulnerabilities.
Steps 2: Ensure your passwords are stored securely
Networks are only as secure as the key used to lock them. In most businesses, it’s the password used to login to a device or network. One option to ensure passwords are secure is a password manager, which provides multiple security layers, including encryption, firewalls, and secure communication.
Password management technology can also help ensure that privileged credentials are provided to users who need them in a timely manner with appropriate approvals. If a password manager is not a viable option it is vital to ensure that at a minimum all privileged passwords are encrypted and a form of two-factor authentication is in place.
Step 3: Enforce strict change management processes for privileged passwords
Ensuring passwords are difficult to guess by using a combination of numbers, letters and symbols is important to good password hygiene, but it is also essential to change passwords on a regular basis.
Since these credentials are often hard-coded in scripts and applications, changing privileged passwords can be tedious and introduces the risk of important applications failing, which can lead to a reluctance to do it altogether.
To avoid failure, businesses should create a complete and accurate inventory of the scripts and applications that use privileged credentials. Businesses can also invest in a software solution that can replace hard-coded passwords with programmatic calls that dynamically retrieve the account's credentials.
Step 4: Ensure individual accountability and least privileged access
Implementing best practices and abiding by compliance regulations requires both individual accountability and least privileged access. An organisation must know exactly who has had access to what, when and where, and users should only be granted the level of access needed in order to perform the tasks necessary to their role. In doing this, a business can limit harmful actions, whether unintentional or malicious.
Step 5: Audit use of privileged access on a regular basis
It is not enough to simply control what privileged users are allowed to do, it is also necessary to audit what those users are doing with their access. It’s important to regularly generate and review reports that note when privileged passwords were changed and what potentially harmful commands have been used on each system, and by which users.
It is also important to institute a process for periodic certification to ensure users who can gain or request access to privileged accounts should retain those abilities. Through regular auditing, reporting, and certification, an organisation can better understand how well it is securing privileged accounts, discover areas for improvement and take steps to reduce risk.
Privileged accounts, while a necessity, often present a high risk to all organisations. Therefore, managing access must be addressed in a thoughtful, practical, and balanced way. There is, unfortunately, no one size fits all for cyber security, but implementing these five steps will set any business on the path to privileged account management best practice, arming it with the ability to assess its current security environment, identify gaps or vulnerabilities, and mitigate the risks.