The Hidden Dangers of Privileged Accounts
Written by Darren Harrison
Why Cybercriminals Are After The “Keys to Your Kingdom”
One of the biggest recent trends in cyber security is the targeting of privileged accounts by cybercriminals. These accounts, often referred to as the “keys to the kingdom,” provide special access to sensitive information and critical systems within an organisation’s IT network.
The Unfortunate Reality
Industry analysts estimate that 60-80% of all security breaches now involve the compromise of user and privileged account passwords. This statistic alone should be a wake-up call for organisations of all sizes.
Privileged accounts are particularly attractive to cybercriminals for several reasons:
1. These accounts typically have the highest level of access within an organisation’s IT infrastructure.
2. With just one compromised privileged account, an attacker can gain access to virtually any information within an organisation’s network.
3. Cybercriminals can easily hide their malicious activities under the guise of legitimate administrative actions, making it difficult for other security tools to stop the activity.
An Attacker’s Playbook
The most common path to compromising privileged accounts follows these steps:
1. Compromise an end-user account using malware or social engineering techniques like phishing scams.
2. Elevate privileges using techniques like man-in-the-middle or pass-the-hash attacks.
3. Use the elevated privileges to move freely within the network, accessing core network services and remaining undetected for extended periods.
Help Yourself
Many organisations inadvertently make themselves vulnerable through practices such as:
- Using common passwords across multiple systems
- Unauthorised sharing of credentials
- Failing to change default passwords (over 20% of companies are guilty of this)
- Relying on human-generated passwords (these are often weak, easily guessable credentials)
If You Are Unlucky
When a privileged account falls into the wrong hands, the consequences can be severe:
- Attackers can access and steal sensitive information.
- Attackers may use the access to commit financial crimes.
- Many breaches can go undetected for more than 200 days, a period known as the “dwell time” – this gives attackers ample time to do maximum damage to your environment.
Protecting Your Organisation
To safeguard against these threats, organisations need to implement robust Privileged Access Management (PAM) strategies, including:
- Regular password rotation
- Implementing least privilege principles
- Monitoring and auditing privileged account usage
- Employing multi-factor authentication
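The following Python script is an added example, not code from the original article or from Ekco. It audits an inventory of privileged accounts against the weak practices and PAM controls listed above; the field names, the 90-day rotation threshold and the sample accounts are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date

MAX_AGE_DAYS = 90  # assumed rotation policy, not a figure from the article

# Constructed sample inventory. "fingerprint" is a hypothetical opaque value a
# password vault could expose so credentials can be compared without revealing them.
ACCOUNTS = [
    {"id": "fileserver/svc-backup", "system": "fileserver", "fingerprint": "fp-A",
     "rotated": date(2024, 1, 5), "mfa": False, "holders": ["alice", "bob"], "default": False},
    {"id": "db01/administrator", "system": "db01", "fingerprint": "fp-A",
     "rotated": date(2024, 5, 20), "mfa": True, "holders": ["carol"], "default": False},
    {"id": "switch-core/admin", "system": "switch-core", "fingerprint": "fp-B",
     "rotated": date(2022, 11, 1), "mfa": False, "holders": ["netops"], "default": True},
    {"id": "vault/break-glass", "system": "vault", "fingerprint": "fp-C",
     "rotated": date(2024, 5, 30), "mfa": True, "holders": ["carol"], "default": False},
]

def audit(accounts, today, max_age_days=MAX_AGE_DAYS):
    """Return {account id: [findings]} for accounts that violate a check."""
    # Group systems by credential fingerprint to spot one password used in several places.
    systems_by_fp = defaultdict(set)
    for acct in accounts:
        systems_by_fp[acct["fingerprint"]].add(acct["system"])
    findings = {}
    for acct in accounts:
        issues = []
        if len(systems_by_fp[acct["fingerprint"]]) > 1:
            issues.append("password reused across systems")
        if len(acct["holders"]) > 1:
            issues.append("credential shared between people")
        if acct["default"]:
            issues.append("default password still set")
        if (today - acct["rotated"]).days > max_age_days:
            issues.append("rotation overdue")
        if not acct["mfa"]:
            issues.append("no multi-factor authentication")
        if issues:
            findings[acct["id"]] = issues
    return findings

if __name__ == "__main__":
    for account, issues in audit(ACCOUNTS, date(2024, 6, 1)).items():
        print(f"{account}: {', '.join(issues)}")
```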
Remember, in the world of cyber security, your privileged accounts are your crown jewels. Protect them accordingly.
If you want to get ahead of the curve or verify your security posture, why not consider giving Ekco a call? We have the partnerships, we have the talent, and we have it in abundance.
Our team of experts can help you implement a comprehensive PAM strategy tailored to your organisation’s unique needs, ensuring that your crown jewels remain secure.