Every privileged account on your network is like a large chef’s knife in the kitchen—necessary, but potentially dangerous.
Privileged accounts are typically granted only to systems administrators and others who need elevated, unrestricted access to a network’s underlying platform. Overall, that’s a good thing. But it also exposes your organization to two major risks:
For example, Terry Childs, a network administrator for the City of San Francisco, locked the rest of the city’s IT staff out of its core network. He had helped build that network, and he quietly configured it so that it could be administered only with a password he alone knew.
Only after being arrested and spending 9 days in jail did Childs give up the password. Two years later, he was convicted of felony computer tampering and sentenced to four years in prison. In the meantime, his crime had cost the City of San Francisco an estimated $1.5 million in losses.
Such incidents are becoming more common. In fact, one security firm estimates that fully 100% of advanced attacks involve the exploitation of privileged credentials. Damage caused by privileged users, or by attackers impersonating them, is the most extensive, the hardest to mitigate and the most difficult to detect, because the activity looks like authorized users doing what they are authorized to do.
A Ponemon Institute report based on a survey of more than 740 IT security and operations managers found that nearly half of respondents expect the risk of privileged user abuse to increase. Similarly, 60% said they believe their organizations are unnecessarily granting access to users beyond their roles and responsibilities.
When asked whether they thought the abuse would come from inside or outside the organization, respondents to the survey were evenly split. Nearly half said it was likely or very likely that social engineers outside their organizations would target privileged users to obtain their access rights. And 46% said it was likely or very likely that malicious insiders would target privileged users to obtain their access rights.
What’s the best way to protect against privileged access abuse? You can’t simply revoke this level of access. After all, your sysadmins need access to your network’s inner workings. But you can take some concrete, protective steps. Here are four, recommended by CERT and the SANS Institute:
To be sure, putting these policies into practice can be a challenge. That’s why Masergy recommends using behavioral analytics to anticipate and discover aberrant activities. To learn more, see Masergy’s Unified Enterprise Security white paper.
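To make the phrase “behavioral analytics” concrete, here is the core idea reduced to its simplest form: learn what each privileged account normally does (which hosts, which actions, at what hours, at what daily volume) from a known-good window, then flag activity that departs from that profile. This is an added example written for this page; it is not Masergy’s product, nor code from the page or from CERT or SANS. The log format, the account names, the hosts and the thresholds are all assumptions, and the log lines are constructed.

```python
"""Behavioral baselining of privileged-account activity.

Added example for this page, not Masergy's product or the page's own code.
The record format, accounts, hosts and thresholds are assumptions chosen for
illustration; the log lines below are constructed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime

# Assumed record format (constructed for this example):
# "<ISO timestamp> user=<account> host=<device> action=<verb> target=<object>"
LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) host=(?P<host>\S+) "
                     r"action=(?P<action>\S+) target=(?P<target>\S+)$")


@dataclass
class Event:
    ts: datetime
    user: str
    host: str
    action: str
    target: str


@dataclass
class Baseline:
    """What an account normally does: where, what, when, and how much."""
    hosts: set = field(default_factory=set)
    actions: set = field(default_factory=set)
    hours: set = field(default_factory=set)
    daily_counts: list = field(default_factory=list)  # events per active day


def parse(lines):
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:  # skip malformed lines instead of crashing the detector
            continue
        events.append(Event(datetime.fromisoformat(m["ts"]), m["user"],
                            m["host"], m["action"], m["target"]))
    return events


def build_baselines(events):
    """One profile per account, learned from a known-good training window."""
    baselines = defaultdict(Baseline)
    per_day = defaultdict(lambda: defaultdict(int))
    for e in events:
        b = baselines[e.user]
        b.hosts.add(e.host)
        b.actions.add(e.action)
        b.hours.add(e.ts.hour)
        per_day[e.user][e.ts.date()] += 1
    for user, days in per_day.items():
        baselines[user].daily_counts = list(days.values())
    return dict(baselines)


def deviations(event, baselines):
    """Reasons one event departs from its account's profile ([] if none)."""
    b = baselines.get(event.user)
    if b is None:
        return ["no baseline for account"]
    reasons = []
    if event.host not in b.hosts:
        reasons.append(f"new host {event.host}")
    if event.action not in b.actions:
        reasons.append(f"never-seen action {event.action}")
    if event.ts.hour not in b.hours:
        reasons.append(f"off-hours activity at {event.ts.hour:02d}:00")
    return reasons


def daily_bursts(events, baselines, factor=2.0):
    """Accounts whose per-day volume exceeds `factor` x their usual daily count."""
    observed = defaultdict(lambda: defaultdict(int))
    for e in events:
        observed[e.user][e.ts.date()] += 1
    bursts = []
    for user, days in observed.items():
        b = baselines.get(user)
        if b is None or not b.daily_counts:
            continue
        mean = sum(b.daily_counts) / len(b.daily_counts)  # over active days only
        for day, n in days.items():
            if n > factor * mean:
                bursts.append((user, day.isoformat(), n, round(factor * mean, 2)))
    return bursts


def detect(training_lines, observed_lines):
    """Return (per-event alerts, burst alerts) for the observed window."""
    baselines = build_baselines(parse(training_lines))
    observed = parse(observed_lines)
    alerts = [(e.ts.isoformat(), e.user, deviations(e, baselines))
              for e in observed if deviations(e, baselines)]
    return alerts, daily_bursts(observed, baselines)


# Constructed sample data: three quiet days of training, then one observed day.
TRAINING_LOG = [
    "2024-03-01T09:15:00 user=alice host=core-rtr-1 action=config-change target=acl-20",
    "2024-03-01T10:40:00 user=alice host=core-rtr-2 action=config-change target=bgp",
    "2024-03-02T09:05:00 user=alice host=core-rtr-1 action=password-reset target=svc-monitor",
    "2024-03-03T11:30:00 user=alice host=core-rtr-2 action=config-change target=acl-20",
    "2024-03-01T14:00:00 user=bob host=db-01 action=backup target=payroll",
    "2024-03-02T14:10:00 user=bob host=db-01 action=backup target=payroll",
]
OBSERVED_LOG = [
    "2024-03-04T02:47:00 user=alice host=core-rtr-1 action=password-reset target=admin-enable",
    "2024-03-04T03:05:00 user=alice host=core-rtr-2 action=disable-account target=it-ops-team",
    "2024-03-04T09:20:00 user=alice host=core-rtr-1 action=config-change target=acl-21",
    "2024-03-04T14:05:00 user=bob host=db-02 action=backup target=payroll",
    "2024-03-04T15:00:00 user=carol host=db-01 action=backup target=hr",
]

if __name__ == "__main__":
    event_alerts, burst_alerts = detect(TRAINING_LOG, OBSERVED_LOG)
    for ts, user, reasons in event_alerts:
        print(f"ALERT {ts} {user}: {'; '.join(reasons)}")
    for user, day, n, limit in burst_alerts:
        print(f"BURST {day} {user}: {n} privileged actions (limit {limit})")
```

Run against the constructed data, the detector flags alice’s 02:47 and 03:05 actions as off-hours (the second also as a never-seen action, disabling an account), bob’s backup from a host he has never used, carol’s activity as an account with no baseline at all, and alice’s three actions in one day as a burst against her usual one or two. In a real deployment the baseline would be rebuilt on a rolling window, the hour test would honour the account’s time zone and on-call schedule, and a profile would be learned only from sessions already reviewed as legitimate; the point here is that every one of these checks is cheap once privileged sessions are logged centrally.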