The Danger Of Privileged Accounts
Not long ago, an employee of the cloud storage company Dropbox was the cause of many of its users receiving spam messages. The employee had reused their password on another, less secure website, which was subsequently hacked. The hackers used the stolen credentials to gain access to the more lucrative Dropbox account and steal confidential company documentation containing user email addresses. This incident highlights a growing trend. In a backlash against the increasing requirements for complex passwords, users choose to reuse one or two sets of credentials on many different websites. There is a rise in hackers creating spear phishing attacks, using social media and hacking smaller, less security-conscious websites (the low-hanging fruit) in order to obtain the “keys to the kingdom” of the more lucrative and financially rewarding sites.
Why Is This A Concern For Your Organisation?
It’s getting harder to control which passwords users know and where they use them. Consider the rise in the outsourcing of ICT and network maintenance. Large security-conscious companies are contracting out functions to small- to medium-sized organisations, the same segment where Verizon’s Data Breach Investigations Report has shown an increase in breaches over the past few years. Attackers are targeting vulnerabilities in the trusted supply chain to bypass the firewalls and gain access inside the perimeter of their actual targets.
The realisation is that passwords are not as secure as we would like them to be and organisations need to rethink their security procedures inside the network. The first step is to identify all current privileged identities or shared accounts. These are the “all powerful” credentials used by human/automated processes to make wide-ranging changes to the network.
To prevent users from reusing and accidentally sharing these privileged credentials, organisations need to employ a technological barrier to separate them. The result is that users or applications authenticate themselves to a central server with one set of credentials, and the server then authenticates to the end device with a different set of secret credentials. The advantages are clear. First, a direct attack on an end device is less likely to succeed if the secret credentials are highly complex and changed automatically at periodic intervals. Second, the central server always knows the identity of the real user behind the anonymous shared account credentials.
Organisations can employ privileged identity management by concentrating security resources on protecting the central server, rather than spreading resources thinly over all the end devices on the network. If a reused password is exploited, then there are two forms of defence. The first is quick and easy retraction of the central server authorisation, without affecting other users or the operations of the end devices. If user access is also subject to time-based controls, the account may already be disabled before a window of opportunity presents itself.
The second line of defence is auditing. If the technology provides audit logs and video playback of the attacker's session activity, then damage control is made easier, and the system can be rolled back to a working state from before the attack.
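The broker model described above, as an added illustration that is not SAMS's own code: users authenticate to a central `Broker` with their own password, the broker holds and rotates each `Device` secret (which users never see), proxies the connection, audits every attempt under the real user's name, and can revoke one user without touching the device. All class and method names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Device:
    # Managed end device: it knows only its own secret and records login attempts.
    def __init__(self, name):
        self.name, self.secret, self.logins = name, None, []

    def login(self, secret):
        ok = self.secret is not None and hmac.compare_digest(self.secret, secret)
        self.logins.append(ok)
        return ok

class Broker:
    """Central server: users authenticate with their own credential; the broker
    holds and rotates each device's secret and proxies the connection."""

    def __init__(self):
        self.users, self.grants, self.devices, self.vault, self.audit = {}, {}, {}, {}, []

    def add_user(self, name, password, devices=()):
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, _hash(password, salt))
        self.grants[name] = set(devices)

    def enroll(self, device):
        self.devices[device.name] = device
        self.rotate(device.name)

    def rotate(self, name):
        # Fresh random secret pushed to the device and kept in the broker's vault;
        # users never see it, so rotation is invisible to them.
        self.vault[name] = self.devices[name].secret = secrets.token_hex(32)

    def revoke(self, user):
        self.grants[user] = set()  # central retraction; device secrets untouched

    def connect(self, user, password, device):
        # Returns an opaque session handle or None; every attempt is audited by real user.
        rec = self.users.get(user)
        authentic = rec is not None and hmac.compare_digest(rec[1], _hash(password, rec[0]))
        allowed = authentic and device in self.grants.get(user, ())
        self.audit.append((user, device, "granted" if allowed else "denied"))
        if not allowed:
            return None
        return secrets.token_hex(8) if self.devices[device].login(self.vault[device]) else None
```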
Our SAMS Solution
By implementing our SAMS software in your organisation, you can lessen the risk associated with unmanaged privileged accounts. SAMS will centralise your user management of privileged identities and will proxy all connections, providing audited access to privileged devices. To learn more about the SAMS software, click here.