Recent trends in security breaches show that hackers are resorting to the most obvious method of attack in order to access and profit from your sensitive information – the front door.
I’m referring to privileged account credentials, the hacker’s most coveted asset.
Remember the Target breach? On December 12, 2013, the retail giant was enjoying crowds of shoppers and peak season profits. Within a week, on December 18th, the media spotlight shined brightly on the company, exposing a security breach which leaked the credit card information of about 40 million consumers. This stirred a wave of bad publicity and anger towards the company and filled their offices with a small army of investigators in black suits.
“Cyber Attack” connotes a large-scale, coordinated effort to bring down or hack systems and gain access using powerful equipment; however, the Target breach proves that cyber criminals can be much more subtle and still cause massive damage. They lurked in the shadows of Target’s network looking for one thing: privileged access. This wasn’t difficult considering that Target had around 445,000 over-privileged accounts. (This number seems absolutely INSANE, but I’d be willing to guess it’s actually more common than we think. It happens over time when organizations assign privilege without a way to monitor it or revoke it.)
Once the criminals obtained credentials, it was game over. They moved into the system, elevated privilege, and wreaked havoc. The incident cost Target hundreds of millions of dollars, 19 million of which was allocated to banks and consumers to reissue credit cards and cover fraudulent transactions.
Security professionals are constantly asking themselves “How exposed am I?” rather than “Am I exposed?” No system is 100% secure, but some systems are drastically more secure than others. Target had close to half a million over-privileged accounts. Their exposure level rivaled that of a marooned sailor on a rowboat in the middle of the ocean without sunscreen or a hat. Corporations that gamble with these dangerous levels of risk are the ones that end up making headlines for the wrong reasons – just like Target did.
To avoid the same fate, you must constantly assess your risk level. I guarantee that Target’s IT leaders were unaware of the gravity of their privilege situation until the problem exploded in their faces. Had they caught it in the early stages, they could have mitigated the damage and avoided headlines, lawsuits, and fines.
Where does your organization lie on the privilege management spectrum? Are you aware of how many privileged users exist in your environment? Do you know that you have too many privileged accounts and are unsure how to solve the problem? (Hopefully you have fewer than 445,000, or I might be writing one of my future posts about you.) What level of risk are you willing to accept? If you are currently restricting and monitoring privilege within your organization, I applaud you, and I bet you’ve discovered that privilege management is a process that can be continuously improved rather than just a quick fix.
Verizon’s “Data Breach Investigations Report” should be almost a sacred text for security experts. Seriously, it’s that good. The report is well written, compiled from over 60 sources, and gives reliable insight into current trends. If it isn’t in your yearly reading regimen, I highly suggest you add it.
Statistics from this year’s report show exactly how most criminals are executing successful system breaches:
Notice how the entire process leverages privileged credentials to access sensitive data. It’s as simple as this: If the hackers don’t get these credentials, it’s difficult for them to hit their payday.
The question now is this: What is the best approach to managing privileged accounts while still allowing for operational efficiency? The mindset that security exists at the expense of operations is false and needs to be thrown out to allow for secure and efficient environments. There is a proven approach to privileged account management that allows for both, and companies who have applied it have created secure and highly operational IT infrastructures.
How many privileged users do you have, where are they, and how pervasive are their privileges? Answering these questions is the first step in reducing privilege risk. Take into account privileged accounts and privileged identities.
With potentially thousands of privileged identities roaming freely over your network, the problem is not going to go away overnight. Users don’t like having their privilege reduced, especially if they don’t understand why it needs to be reduced and/or feel that they will no longer be able to effectively do their job. Your plan must be able to tactfully handle these issues.
Once you have your remediation plan, it’s time to execute it. This plan should eliminate unnecessary privileged accounts, which will greatly reduce your risk and exposure. It can’t do away with them completely, however, as privileged accounts are a critical tool and asset in facilitating operations. A privileged account management solution can provide excellent monitoring tools as well as features such as password check-in/check-out, which does away with major problems such as standing, 24/7 privileged access.
Once you’ve executed your plan, it’s important to continuously monitor privilege across your network as a whole. This helps avoid problems such as privilege creep, where users or accounts slowly accumulate privilege over time, or privilege elevation, where hackers gain access to one account and move laterally across the system. It’s also important to be on the lookout for accounts that try to access systems that are outside of their scope of privilege.
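The discover, remediate and monitor steps above, as an added example that is not from the original post or any vendor’s product: a small Python script that takes two constructed snapshots of privileged role membership and a constructed access log, counts privileged accounts, flags accounts whose privileges grew between snapshots (privilege creep), and flags access to hosts that no role held by the account permits. All account, role and host names are hypothetical.

```python
# Added example: inventory privileged accounts, detect privilege creep, flag out-of-scope access.
# Constructed sample data: privileged role membership captured a month apart,
# mapping account -> set of privileged roles held (hypothetical names).
SNAPSHOT_JAN = {
    "alice": {"db-admin"},
    "bob": {"helpdesk"},
    "svc-backup": {"backup-operator"},
}
SNAPSHOT_FEB = {
    "alice": {"db-admin", "domain-admin"},          # gained a role: privilege creep
    "bob": {"helpdesk"},
    "svc-backup": {"backup-operator", "db-admin"},  # service account widened
    "carol": {"domain-admin"},                      # new privileged account
}
# Hosts each role is allowed to reach (constructed).
ROLE_SCOPE = {
    "db-admin": {"db01", "db02"},
    "domain-admin": {"dc01", "db01", "db02", "pos-gw"},
    "helpdesk": {"helpdesk01"},
    "backup-operator": {"db01", "db02"},
}
# Constructed access log as (account, host) pairs.
ACCESS_LOG = [
    ("alice", "db01"),
    ("bob", "pos-gw"),       # helpdesk account touching the payment gateway
    ("svc-backup", "db01"),
    ("svc-backup", "dc01"),  # backup service account reaching a domain controller
]

def count_privileged(snapshot):
    """How many accounts hold at least one privileged role."""
    return sum(1 for roles in snapshot.values() if roles)

def privilege_creep(old, new):
    """Accounts whose privileged roles grew (or newly appeared) between snapshots."""
    creep = {}
    for acct, roles in new.items():
        gained = roles - old.get(acct, set())
        if gained:
            creep[acct] = sorted(gained)
    return creep

def out_of_scope_access(snapshot, log):
    """Access events to hosts that no role held by the account permits."""
    findings = []
    for acct, host in log:
        allowed = set().union(*(ROLE_SCOPE.get(r, set()) for r in snapshot.get(acct, ())))
        if host not in allowed:
            findings.append((acct, host))
    return findings
```

Run against real data, the snapshots would come from your directory or PAM tool and the log from your SIEM; the comparison logic stays the same.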
This post serves as a great starting point to manage privilege in your organization; however, it is only a brief overview of a solution to a complex problem. In the future, we will dive deeper into each of the issues and solutions, providing insight into each of the steps in the privilege management process as well as how to incorporate additional layers of security, building a truly adaptive approach to securing your systems.
For now, I suggest you watch this webinar about privilege management, When Privileged Insiders Attack, with our security experts, and be on the lookout for our future posts!