Five Process Changes to Mitigate Privileged Account Risk

Published on 19 September 2017

Cyber attackers target privileged accounts, and organizations with weak security practices can easily fall prey to privileged identity theft: the compromise of privileged account credentials. Armed with credentials to administrative and service accounts with access to critical IT assets, an attacker can steal data on an industrial scale. If you look at the ten biggest data breaches in history, seven were either suspected or explicitly known to have involved privileged identity theft.

It’s easy to look to technology to harden privileged accounts against attackers, but process changes are just as important because technology alone won’t save your organization. These are some straightforward process changes that can reduce the risk of a successful attack:

  1. Understand the size of the target

    You can’t defend what you don’t know exists. Establishing a comprehensive and up-to-date list of privileged accounts allows organizations to implement security measures on all of their accounts. As IT environments grow, the number of administrative, service and other types of privileged accounts can proliferate. In large enterprises, getting a handle on privileged accounts can be difficult, but it’s worth the effort.

  2. Limit the size of the target

    Limit the scope of each privileged account across the infrastructure to enforce the principle of least privilege: each account should have exactly the minimum rights required to carry out a specific task. For example, an account set up for administering an application should not have any system privileges beyond what is needed to make changes to the application’s configuration and to restart the application. On a similar note, avoid enabling accounts on systems where they are not needed.

  3. Delete accounts and privileges that are no longer required

    In today’s business environment, organizations experience constant change when it comes to identity and access management. Employees come and go, and change roles as projects begin and end. This dynamic change can lead to security gaps. Inadequate offboarding often creates a situation in which credentials exist for employees who have left the company or changed positions. In the case of contractors, this situation may be more difficult to manage, particularly if they only required access for a fixed-term project.

  4. Implement a formal password policy

    Companies with a mature security posture usually implement a formal password policy for privileged accounts. The policy should include changing default passwords as a matter of course and implementing strong passwords. It should also prohibit sharing of passwords for privileged accounts. These seem like obvious recommendations, but companies large and small still fail to take these steps, making life easy for hackers.

  5. Prevent users from taking shortcuts

    Most users accessing privileged accounts such as administrative and service accounts will do so to complete their daily tasks. Like anyone, privileged users want to work as efficiently as possible and are just as prone to the temptation of taking shortcuts when it comes to security. Educating employees on security policies and encouraging good behavior can go a long way toward mitigating risks.

These five process improvements can yield big results in making privileged identity theft more difficult for hackers. In our latest white paper, Understanding Privileged Identity Theft, we show why privileged account credentials are a target for criminals, how they are compromised, how current methods fail, and what measures you can take to stop these threats.

by Csaba Krasznay

Csaba Krasznay is Balabit's Security Evangelist. He is responsible for the vision and strategy of Balabit's Privileged Access Management solutions. He was elected “Most Influential IT Security Expert of the Year 2011”.
