One of the most significant risks and a major challenge for IT security teams is the proper management of privileged identities and passwords.
Privileged identities give users greater access to system resources and configurations, and virtually all systems rely on this type of user account. Unix/ESX servers have the "root" account, Windows workstations the "administrator" account, SAP systems have "superusers", Cisco has "enable", and Oracle environments have "system" or "sys", among others.
Privileged accounts can create dangerous vulnerabilities for IT environments if they are not well managed.
A privileged account is usually allowed to change critical settings, access sensitive data in databases, and create, delete, or change the access level of other user accounts.
In the hands of cybercriminals, access to privileged accounts can give full control of the IT environment, causing significant operational and financial losses.
In most security incidents that exploit a privileged account, the root cause is the mismanagement of credentials. To solve this problem, more and more companies invest in control solutions that provide security, detection, and response against attacks that attempt to exploit administrative accounts before they compromise an organization’s infrastructure. These control solutions can enforce strict rules over privileged accounts, enforce strong password policies, monitor activities, and alert managers in case of malicious activity.
Companies often neglect the management of privileged accounts, even though it's critical. According to the State of SPAM report, while 80% of companies consider privileged accounts a business-critical issue, nearly two-thirds of them use manual methods to manage accounts with privileged access.
All information has value to someone, and therefore a data breach is a real danger. Billing worksheets, databases with customer information, personal photos, e-mail: the sheer volume of information we deal with today means that most people do not realize the value of this data.
How to solve the problem? Your company can adopt a set of best practices to reduce the vulnerable surface:
• Adopt the principle of least privilege: no user should have administrative access unless necessary. Monitor the use of these accounts and the activities of users with a high level of access;
• Automate the management and security of passwords for privileged accounts. This type of account demands more careful management from the IT security staff: strong passwords, constant updates, and usage and user monitoring are crucial;
• Educate managers. The urgency of the issue should be at the top of the priorities of your company's executives, who, by the nature of their activities, may demand a higher level of system access;
• Map accounts with privileged access. Without knowing exactly which users have what type of access, it is impossible to manage these accounts and reduce the attack surface. Creating an inventory of all the accounts, passwords and access levels is the first step.
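As an added illustration of the mapping step on a Unix host (this example is not part of the original article), the script below builds a privileged-account inventory from /etc/passwd and /etc/group style data. The sample records are constructed, and the choice of "sudo" and "wheel" as the administrative groups is an assumption to adjust per environment.

```python
# Constructed sample data in /etc/passwd and /etc/group format (not from a real host).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
svc_backup:x:0:1002:Backup job:/var/backup:/bin/sh
carol:x:1003:27:Carol:/home/carol:/bin/bash
"""
GROUP = """\
root:x:0:
sudo:x:27:alice
wheel:x:10:bob,alice
users:x:100:alice,bob,carol
"""
# Assumption: membership in these groups grants administrative rights.
ADMIN_GROUPS = {"sudo", "wheel"}

def inventory(passwd_text, group_text, admin_groups=ADMIN_GROUPS):
    """Return {account: sorted list of reasons the account is privileged}."""
    admin_gids, reasons = {}, {}
    for line in group_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":", 3)
        if name in admin_groups:
            admin_gids[gid] = name
            for member in filter(None, members.split(",")):
                reasons.setdefault(member.strip(), set()).add(f"member of {name}")
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, _pw, uid, gid, _gecos, _home, _shell = line.split(":", 6)
        if uid == "0":
            # Any UID 0 account is root-equivalent, whatever its name.
            reasons.setdefault(user, set()).add("UID 0")
        if gid in admin_gids:
            # A primary group does not appear in the /etc/group member list.
            reasons.setdefault(user, set()).add(f"primary group {admin_gids[gid]}")
    return {user: sorted(why) for user, why in sorted(reasons.items())}

if __name__ == "__main__":
    for user, why in inventory(PASSWD, GROUP).items():
        print(f"{user:12} {', '.join(why)}")
```

Two entries are easy to miss in a manual review: the service account that shares UID 0 with root, and the user whose administrative group is only her primary group.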
Alexandre Fernandes is CIPHER's MSS Security Specialist.