Andy Baldin, VP – EMEA at Ivanti, looks at why this year’s Clean Out Your Computer Day is the perfect time for businesses to assess their IT hygiene policies and implement a privileged access management strategy in a zero trust world.
There have been numerous reports of customer data breaches in the last few years and, regardless of the specific details, the majority share one thing in common: the breach was very likely made possible through the compromise of privileged accounts and their credentials, often acquired through phishing emails and other forms of social engineering.
As networks become more complicated with the mass move to cloud and SaaS, attackers increasingly look for an easy way in through privileged accounts. Once cybercriminals and other malicious actors hold privileged accounts, there is little they cannot do. Just look at the Target attack of 2013, made possible by the abuse of privileged credentials, which compromised 41 million consumers' payment card data and resulted in Target paying a US$18.5 million settlement.
This is just one example of thousands of recorded incidents in which cybercriminals have been able to compromise data unnoticed, and the sheer volume of incidents has left IT and security teams overwhelmed and under-resourced.
Unmanaged privileged access is therefore one of the largest security vulnerabilities enterprises face today. Controlling access to privileged accounts and information is a major headache for many organisations as criminals continue to circumvent security measures, made easier by the fact that many businesses still have not implemented an effective Privileged Access Management (PAM) solution.
This is most likely because early versions of the technology were complex and difficult to implement, requiring significant business resources, both financial and in manpower. That is no longer the case: PAM solutions have matured considerably and, frankly, IT teams no longer have an excuse not to implement these additional controls.
Continuous vulnerability assessment and remediation needs to be part of every organisation's security posture: patching what can be patched, and using privileged access management to block what can't, such as legacy systems and zero-day exploits, and to prevent the rampant spread of malware. When 93% of data breaches compromise organisations in a minute or less, businesses simply can't afford to make the wrong decisions when it comes to securing the enterprise. National Clean Out Your Computer Day is a golden opportunity to do some security housekeeping and protect a company's most important assets by controlling and monitoring who has access to its privileged accounts.
Superusers – the cybercriminal's key to unlocking access
Privileged accounts are an important part of the business infrastructure, as they carry the elevated access and security clearance needed to run applications and services that can affect the whole network. However, as businesses grow, this system becomes more complex and, often without much thought, additional privileged accounts get created for a wide range of end-users, including employees, third-party contractors and automated service accounts. In fact, many organisations have three to four times as many privileged accounts as employees, making it impossible for IT teams to monitor the movements and actions of each one manually.
These accounts are a powerful tool and, in the wrong hands, a dangerous one. They can create and edit user accounts, install software and enable remote access to operations and connections across the network. Privileged accounts can also read sensitive data and, in many cases, override security controls.
These accounts are therefore prime targets for cybercriminals, since gaining control of one essentially hands the attacker the keys to the kingdom, enabling a range of damaging actions such as DDoS attacks, unauthorised transactions, theft of personal data and infection of systems with malware. To make matters worse, these attacks are very difficult to detect because the malicious activity is disguised as normal traffic generated by a legitimate login. The attacker can then cover their tracks by deleting the audit data once finished.
Striking the right balance – improve don’t inhibit
It is essential that businesses protect privileged accounts against misuse, whether accidental or deliberate. To do this, businesses need to remove admin rights from users, but in a way that does not affect the productivity of workers. Essentially, IT teams need to grant the correct privileges to each individual employee without allowing apps to run that could reduce desktop stability, weaken security, breach licensing compliance, cause user downtime or increase desktop management costs.
While enterprises need to take a zero-tolerance stance on privileged accounts, as just one mistake could cost the business thousands, dynamic whitelisting can only be part of the equation: a greater security risk may be created if organisations cause end-users problems by preventing them from doing their daily tasks. Users hampered by a poor experience will be less efficient and will call the help desk more, further diluting IT teams' availability. Those users can also react to system lockdowns by turning to 'Shadow IT' workarounds, creating vulnerabilities in the environment that are unknown to IT. So, when necessary, IT teams need the ability to grant privileged rights temporarily in order to retain this balance.
Practical privileged access management
To begin with, businesses should assess the network and reduce the number of privileged accounts. This will not only mitigate potential risk but reduce the time needed to monitor and manage these accounts. Secondly, reduce the number of end-users that have access to these accounts. Strong password management goes hand in hand with this step: regularly rotating privileged passwords and keeping them in an encrypted vault rather than in scripts or spreadsheets goes a long way towards protecting these accounts. While this may sound simple, many organisations still have poor password hygiene.
The famous IRS data breach is a prime example of this, where poor passwords such as 'password' enabled cybercriminals to breach the system. Where a user does need to be granted privileges to remain efficient in their day-to-day activities, the elevation should be monitored closely and the rights stripped away again as soon as they are no longer required.
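The steps above (inventory the accounts that hold privilege, compare them against the people who should have it, and make sure temporary elevations are revoked on time) are easy to state and easy to let slide. The following is an added example, written for this article and not Ivanti's product code, that audits a Linux host's /etc/group-style membership and a ledger of time-boxed elevations. The group file contents, account names, timestamps and the set of "privileged" group names are all constructed for the example; adjust the group names to whatever confers admin rights on your systems.

```python
"""Added example: audit privileged group membership and time-boxed elevations.

Illustrative code for this article, not Ivanti's implementation. Everything
below (group names, accounts, grant timestamps) is constructed sample data.
"""
from datetime import datetime, timedelta, timezone

# Assumption: on this host, membership of any of these groups confers admin
# rights (sudo on Debian-style systems, wheel on RHEL-style, adm for logs).
PRIVILEGED_GROUPS = {"root", "sudo", "wheel", "adm"}

# Constructed /etc/group sample. Note the service account and the contractor
# that have crept into the sudo group over time.
SAMPLE_GROUP_FILE = """\
root:x:0:
adm:x:4:syslog,alice
sudo:x:27:alice,bob,svc-backup,contractor-jdoe
wheel:x:10:alice
users:x:100:alice,bob,carol,dave
"""


def parse_group_file(text):
    """Return {group_name: set(member_names)} from /etc/group formatted text."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _password, _gid, members = line.split(":", 3)
        groups[name] = {m for m in members.split(",") if m}
    return groups


def privileged_accounts(groups):
    """Map every account in a privileged group to the groups granting it."""
    result = {}
    for group in PRIVILEGED_GROUPS & set(groups):
        for member in groups[group]:
            result.setdefault(member, set()).add(group)
    return result


def unapproved_privileged(groups, approved):
    """Accounts holding privilege that are not on the approved list."""
    return {u: g for u, g in privileged_accounts(groups).items() if u not in approved}


# Constructed ledger of temporary elevations: (user, granted_at, ttl_hours).
SAMPLE_GRANTS = [
    ("bob", datetime(2024, 1, 10, 9, 0, tzinfo=timezone.utc), 4),
    ("contractor-jdoe", datetime(2024, 1, 2, 9, 0, tzinfo=timezone.utc), 8),
]


def expired_grants(grants, now):
    """Users whose temporary elevation has outlived its TTL and must be revoked."""
    return [u for u, granted_at, ttl in grants
            if now >= granted_at + timedelta(hours=ttl)]


def audit(group_text, approved, grants, now):
    """Run the three checks and return one report dict."""
    groups = parse_group_file(group_text)
    return {
        "privileged": privileged_accounts(groups),
        "unapproved": unapproved_privileged(groups, approved),
        "expired": expired_grants(grants, now),
    }


if __name__ == "__main__":
    now = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
    for key, value in audit(SAMPLE_GROUP_FILE, {"alice"}, SAMPLE_GRANTS, now).items():
        print(f"{key}: {value}")
```

In the sample, only alice is approved, so the audit flags bob, syslog, svc-backup and contractor-jdoe as unapproved, and at 12:00 UTC on 10 January the contractor's week-old elevation is expired while bob's four-hour grant is still valid. Run the same check from a scheduled job against the real group file and the ticketing record of approved elevations, and the "expired" list becomes the revocation queue.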
Importantly, IT and security teams need to deploy a PAM solution to help them manage and monitor the activity of privileged accounts, because there is simply too much activity for humans to manage. Without automation it is almost guaranteed that something will slip through the net. A PAM solution with application control prevents unauthorised code execution without forcing IT to maintain extensive lists manually and without creating obstacles to user productivity. By automatically blocking the execution of any code, even previously unseen code, that does not come from a trusted owner, IT teams can manage user privileges and policy at a granular level, while still allowing audited self-elevation when exceptions occur.
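The "trusted owner" rule described above is simple to state: an executable may run only if the account that owns it is one the organisation trusts to install software, so a file dropped into a home directory by a phishing payload is blocked without anyone having to blacklist it first. The following is an added example, written for this article and not Ivanti's implementation, that models that rule on a POSIX file system. The trusted UID set and the exception list (standing in for audited self-elevation) are assumptions; the temp file created in demo() is constructed for the example.

```python
"""Added example: a minimal 'trusted ownership' execution check.

Illustrative code for this article, not Ivanti's product code. Policy modelled:
run a file only if its owner is in a trusted set (e.g. root or the packaging
account), unless a user has an approved, audited exception for that exact path.
Assumes a POSIX host; trusted UIDs and the exception set are made up here.
"""
import os
import stat
import tempfile


def is_trusted_to_run(path, trusted_uids, exceptions=frozenset()):
    """Return (allowed, reason) for an execution request on `path`.

    `exceptions` holds realpaths a user has self-elevated for; each such grant
    should be logged and expired separately (not shown here).
    """
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return False, "not a regular file"
    # A world-writable file could have been replaced by anyone, so its owner
    # says nothing about where the code came from: deny before trusting owner.
    if st.st_mode & stat.S_IWOTH:
        return False, "world-writable: ownership is not meaningful"
    if st.st_uid in trusted_uids:
        return True, "trusted owner"
    if os.path.realpath(path) in exceptions:
        return True, "approved exception"
    return False, f"untrusted owner uid {st.st_uid}"


def demo():
    """Create a script owned by the current user and evaluate it under four policies."""
    me = os.getuid()
    with tempfile.NamedTemporaryFile(suffix=".sh", delete=False) as f:
        f.write(b"#!/bin/sh\necho hello\n")  # constructed sample executable
        path = f.name
    try:
        os.chmod(path, 0o755)
        results = {
            # Current user is trusted: allowed.
            "trusted_owner": is_trusted_to_run(path, {me})[0],
            # Only some other UID is trusted: denied, even though the file is unknown, not blacklisted.
            "untrusted_owner": is_trusted_to_run(path, {me + 1})[0],
            # Same untrusted owner, but this path has an approved exception: allowed.
            "exception": is_trusted_to_run(path, {me + 1}, {os.path.realpath(path)})[0],
        }
        # Trusted owner but world-writable: denied.
        os.chmod(path, 0o777)
        results["world_writable"] = is_trusted_to_run(path, {me})[0]
    finally:
        os.unlink(path)
    return results


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allow' if allowed else 'deny'}")
```

The point of the world-writable check is the caveat practitioners run into first: ownership is only a useful trust signal if untrusted users cannot modify the file, so a real deployment also has to lock down the directories that trusted owners install into. The exception path is where self-elevation fits, and every entry in that set should come with a ticket, a reason and an expiry.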