Government guidelines on cyber security emphasise the need to manage user privileges appropriately so that the number of deliberate or accidental attacks is reduced. Left unmanaged, privileged accounts can lead to all sorts of problems for a business.
Access all areas
Think of a privileged account as an access-all-areas pass to confidential business data and systems, allowing users to grant broad access rights that often go far beyond what is needed for that job function. Monitoring the actions of users is therefore paramount for security and compliance, yet monitoring is not standard practice.
Cyber criminals are only too aware that many privileged accounts go unmonitored and unreported and, as a result, are insecure. They understand that access to a privileged account provides the ability to control the organisation's resources, disable security systems and reach vast amounts of sensitive data. The damage done can be proportionately severe.
Jumping security hurdles
The TalkTalk customer database hack was apparently the result of hackers gaining access to a privileged account that granted access to a customer database. When the TalkTalk CEO later announced that she didn't think the data was encrypted, there was uproar in the media. However, if the cyber criminals gained access via a privileged account, allowing them to basically jump over security, then the question of whether the data was encrypted or not is secondary.
Privileged account users can include third-party providers, cloud server managers, systems administrators, application or database administrators, select business users such as senior-level executives and social media. Compromising any of these accounts can create considerable problems.
Best practice dictates that privileged accounts should be incorporated into an organisation’s core security strategy. This means that controls need to be put in place to protect, monitor, detect and respond to all privileged account activity.
Control, don’t compromise
There are several ways to control privileged account activity. Some organisations choose to deploy a strategic solution across the entire enterprise, while others take a ‘stepped’ approach that involves looking at the most vulnerable points first.
Starting by securing privileged credentials and then, once they are secured, moving on to monitoring the accounts enables the implementation of the underlying infrastructure. Analytic algorithms that monitor behavioural data can also help reveal previously undetectable malicious privileged user activity.
Introducing layered security such as encryption, tamper-proof audits and data protection can also help protect accounts, especially when used in conjunction with other methods. Multiple authentication methods assist in keeping your files and data protected from both internal and external threats.
Monitoring the actions of privileged accounts is fundamental to security. Do not let protection let you down.