By Andy Harris, Chief Technology Officer at Osirium
Cybercrime and stolen privileged credentials are now fully commoditised on the black market; just a few pounds will buy your way inside a Fortune 500 company network, and the data fetches a high price. Exploitation of privileged accounts is a key tactic in modern cyberattacks. Privileged access is the simplest way into a network, and as organisations move to the cloud, streamline supply chains and invite third parties to routinely access their infrastructures, cyber attackers are increasingly targeting these accounts to steal and exploit their access. Techniques are becoming more widely available and easier to learn, lowering what it takes to be a black hat hacker.
The ‘Insider Threat’
Cyber breaches that leverage privileged accounts are damaging, difficult to detect and take time to recover from. Detecting them requires an organisation to identify a legitimate login that’s being used for illegitimate purposes. A breach that leverages privileged access can cause denial of service and personal data loss, complete unauthorised transactions, and then hide all activity by deleting audit data. Privileged account attacks can look just like normal traffic and can cover their tracks, remaining undetected for months or even years.
The scale of the issue
Though regulators and auditors enforce controls to monitor privileged access, over 65% of organisations still allow unrestricted and unmonitored use of privileged accounts. In most organisations, developers, contractors and other system administrators all receive full super-user rights, which creates challenges for accountability and auditability.
In fact, 86% of large enterprise organisations either don’t know or underestimate the number of privileged accounts associated with their networks. There are often 3 to 4 times more privileged accounts than employees. Passwords are shared widely and rarely changed, and the credentials of ex-employees or contractors are rarely erased. It is the equivalent of forgetting who, and how many people, you gave copies of your front door keys to…
How are businesses responding?
Most businesses operate in reactive mode, with the focus on detection and remedy after a breach, rather than prevention. Many continue to use out-of-date systems that haven’t been appropriately updated for today’s connected society with routine remote access. Furthermore, no one monitors these systems to know who is using them, or what data is leaving the network.
Privileged Access Management: the solution
Privileged Access Management tools such as Osirium’s PxM Platform help businesses provide secure privileged access to critical assets and meet compliance requirements by managing and monitoring all privileged accounts and access. Increasingly, businesses recognise the benefits of Privileged Access Management in light of increased security risks, evolving IT infrastructure, and regulatory milestones such as GDPR and Cyber Essentials.
Gartner predicts that by 2020, over half of all security failures associated with IaaS and PaaS will be directly attributable to gaping security holes caused by failure to adopt Privileged Access Management processes and technology.
Businesses need to act. Regardless of attack origin, leveraging privileged accounts is a critical success factor for attackers in 100% of all advanced attacks.
Osirium’s 6 steps to securing your IT infrastructure
- Identify all critical business systems and assets
- Isolate, monitor, and manage every point of access
- Identify and reduce the number of privileged accounts
- Deploy multi-factor authentication to secure privileged accounts
- Enforce the principle of least privilege to restrict end-user access
- Monitor and record all activity