In recent times a great number of organizations are highly concerned about the evolving threat landscape of cyber-attacks. This is due to the fact that large well-known enterprise organizations have fallen victim to cyber-crimes. Every year billions of records are stolen, identity theft increases, more credentials are abused and financial fraud is now extending into billions of dollars. This is the reason why senior executives are deeply involved in cyber security than ever before. While executives and CISOs continue trying to reduce the risk of these threats, compliance requirements are increasing, as well. The defence against cyber-crime should not rely on technology, but it must involve people, and therefore needs to be less complex and quick to value.
Start from the basics. Define what “privileged access” means in your organisation
The problem for many organizations is that they are not aware where to start and how they can easily adopt a privileged access solution that will lead them to success and maturity. Most of the companies are just getting started with protecting and securing privileged access need to identify which privileged accounts should be targeted as well as ensuring that those who will be using those privileged accounts are clear on the acceptable use and responsibility.
Before implementing a privileged access management strategy it is recommended to identify what a privileged account is for your organization and to map out what important business functions rely on data, systems and access. A good practice is to classify or categorize privileged accounts. This helps for the clear identification of the privileged accounts’ importance to the business and makes future decisions easier when it comes to applying security controls. Like any IT security measure designed to help protect critical information assets, managing and protecting privileged account access requires both a plan and an ongoing program. You must identify which privileged accounts should be a priority in your company, and ensure that those who are using these privileged accounts understand acceptable use and their responsibilities. After defining and discovering your privileged accounts, it is time to focus on their protection. The privileged account access must be constantly and proactively managed, monitored, and controlled.
In what ways privileged accounts could compromise your security?
Compromising the security is supposed to happen unintentionally. Unauthorized modifications to critical data can happen without thinking at any time. Besides, the files that store sensitive data can be shared without checking the legitimacy of the business need, getting you in serious trouble.
Privileged accounts have legitimate access rights, so if they engage in malicious actions, they would be quite difficult to spot. Malicious use of privileged accounts is a serious threat, since these users’ activity may not be closely monitored or they usually have the expertise to dodge controls and do maximum damage without leaving any trace.
- By attackers
Cyber attackers use different kinds of techniques to obtain the powerful credentials of privileged accounts. Phishing, brute force or coercion are the most familiar.
Despite the steady recommendations and strict regulations, many privileged accounts still remain poorly protected, ignored, or mismanaged, making them easy targets. Having that in mind, here’s a number of essential policies that every IT manager or security administrator should follow to avoid compromised privileged account management:
1. Provide training to all your employees
It is important for all your employees to be able to recognize suspicious or unsecure behaviour. This aspect is crucial nowadays, since phishing and social engineering attacks are getting more sophisticated and more personal devices are being used for business purpose.
2. Limit IT admin access to systems
Developing a least-privilege policy is another good tactic. That means that privileges are only granted when required and approved. Enforce least privilege on endpoints by keeping end-users configured to a standard user profile and automatically elevating their privileges to run only approved and trusted applications. For IT administrator privileged account users, you should control access and implement super user privilege management for Windows and UNIX systems to prevent attackers from running malicious applications, remote access tools, and commands. Least-privilege and application control solutions enable seamless elevation of approved, trusted, and whitelisted applications while minimizing the risk of running unauthorized applications.
3. Develop a privileged account password policy
It’s critical to create clear policies that everyone who uses and manages privileged accounts can understand and accept. Put in place a privileged account password protection policy that covers human and non-human accounts to prevent unauthorized access and demonstrate compliance with regulations. It is better to use long passphrases and multi-factor authentication for human accounts. For non-human (services and applications) accounts, passwords should be changed frequently. PAM controls automatically randomize, manage, and vault passwords, and enable you to update all privileged account passwords automatically and simultaneously.
4. Choose the right solution
There are various PAM technology providers to choose from, offering different kinds of features and deployment options. Before choosing, it’s important to define use cases for privileged access in your environment and preferred solution capabilities such as service account management, discovery functions, asset and vulnerability management, analytics, file integrity monitoring, SSH key management, and more. Some organizations prefer a vendor-independent technology partner to help them test and evaluate potential solutions. When it comes to a successful deployment, professional security assessments are helpful, by identifying what your privileged accounts are protecting and objectively detailing current security policies, controls, and processes.
5. Monitor accounts with analytics
Privileged accounts should be monitored continuously in order to identify outsiders leveraging stolen credentials, insiders that are not following policies and procedures, and malicious insiders. Privileged user behavior analytics solutions help you gain insight into privileged activity with a behavioral baseline based on machine learning algorithms that consider user activity, account behavior, access behavior, credential sensitivity, and similar user behavior. In case a breach occurs, monitoring privileged account use helps digital forensics identify the root cause and identify critical controls that can be improved to reduce your risk of future cybersecurity threats.
6. Implement multi-factor authentication for employees and third parties
According to Symantec’s Internet Security Threat Report, 80 per cent of breaches can be prevented by using multi-factor authentication. Implementing two-factor or multi-factor authentication for both PAM administrators and end users will guarantee that only the right people have access to sensitive resources.
7. Audit and analyze privileged account activity
Continuously observing how privileged accounts are being used through audits and reports will help identify unusual behaviors that may indicate a breach or misuse. You should capture every single user operation and establish accountability and transparency for all PAM-related actions. The automated reports also help track the cause of security incidents, as well as demonstrate compliance with policies and regulations. Auditing of privileged accounts will also ensure you cybersecurity metrics that provide executives with vital information to make more informed business decisions.
8. Prepare an incident response plan
An incident response plan is urgently needed in case a privileged account is compromised. When an account is breached, simply changing privileged account passwords or disabling the privileged account is not acceptable. If compromised by an outside attacker, hackers can install malware and even create their own privileged accounts. If a domain administrator account gets compromised, for example, you should assume that your entire Active Directory, so the attacker cannot easily return.
The execution of these eight policies are not supposed to be an end-all solution to security – there’s always more to be done.The proper management of privileged access helps organizations prevent devastating data breaches and comply with regulatory requirements. But at the same time it can be difficult for security teams that are understaffed and struggling to maintain access information across complex IT infrastructures. By providing comprehensive and clear visibility into privileged accounts, implementing least privilege, investing in the right solutions, and monitoring activity, you can be able to prevent privileged accounts from being abused and effectively tackle security risks both inside and outside your organization.