Big or small, every organization has accounts that hold ‘keys to the kingdom’ credentials. Almost every account holds some level of privilege that can potentially be compromised, resulting in not only financial but also reputational damage. Looking at the top patterns in the 2016 Verizon Data Breach Investigations Report, insider and privileged misuse ranks as the second most common cause of breaches, at 16% of the total.* Companies such as Target, JP Morgan, Anthem, and many others have fallen victim to such breaches, which makes companies ask, ‘Will our systems ever be completely secure from hackers?’ The answer is ‘No, not really.’ It is a sad reality; however, there are ways we can diagnose and minimize the damage of potential attacks. So, here’s what you can do to reduce the severity of privileged access misuse:
1. Know your privileged accounts
Having a good understanding of your privileged accounts is the first thing to do. It’s not always easy, though. The larger your organization is, the more privileged accounts there are, and keeping track of their activity or access can be tricky. What you need is a way to auto-discover privileged accounts that can help you keep track of what you have, their activity, and their access.
2. Reduce the number of shared credentials
Shared credentials are common in most organizations because they can be easily shared and used by multiple people. They offer convenience and, in most cases, the password is seldom changed. The problem: their use cannot be traced back to one individual account, which gives hackers a free, easy pass to misuse the accounts and gain access to business-critical data.
3. Enforce password complexity and increase change frequency
This one is self-explanatory. If your privileged account users have simple, easy-to-crack passwords that seldom get changed, they are openly inviting hackers to gain access and conduct criminal activity. Instead, as an organization, you should impose strict password policies and enforce frequent changes, so that you make it harder for hackers to do what they do best: hack. The goal is to remediate the threat of unauthorized access.
4. Give privileged account access only to the right personnel
This is a given; however, granting the right access to the right people can be hard. Companies need a tool that integrates well with other business solutions, including Human Resources, so that it adjusts access based on entry, exit, or other movement of personnel across the organization.
5. Create a plan of action if compromise occurs
Hackers are continuously trying to find weak spots to hijack your sensitive data through unsecured privileged access accounts. If that occurs, be the first to know through intelligence gathering. Use alerts and a privileged access management solution to isolate the compromised account, and create a plan to remediate and further investigate.
6. Educate your internal stakeholders
Not everyone understands how hackers gain access. This is your opportunity to coach your internal audience on security best practices and what it means to hold privileged credentials. This will not stop breaches, and definitely not the misuse; however, it can reduce the number of incidents by preventing some unnecessary ones.
No organization wants a security breach. The truth is that it’s inevitable: breaches will happen. However, as security professionals, we need to know who has access to what, and to track its movement, through a centralized dashboard that gives complete visibility. Core Security offers a wide range of solutions and services that can help you with not only privileged access management, but also other areas of access and asset security. Please connect with us for questions on this topic or the wider cyber-security spectrum.