Privileged Access Management


74% OF BREACHES START WITH ABUSE OF PRIVILEGED ACCESS

That is quite a headline to start this page with, but unfortunately it is a fact. This Forbes article explores the topic in depth and, when combined with this report from Verizon, is quite alarming. Although both of those articles are a few years old now, little has changed and organisations are still being breached in exactly the same ways. In fact, Verizon states that 81% of breaches were directly related to stolen, weak or default passwords which organisations failed to change to more secure ones. This raises the question: what can an organisation do to minimise or even eliminate this threat?


A HIGH LEVEL ARCHITECTURE FOR PRIVILEGED ACCESS MANAGEMENT (National Cyber Security Centre)

 

Privileged Access Management (PAM)

Implementing a PAM solution can prevent, detect, and contain privilege-based cyber attacks and malicious or accidental privileged insider behaviour that puts your organisation at risk. A PAM solution allows organisations to secure their infrastructure and applications, run their business efficiently and maintain the confidentiality of sensitive data and critical infrastructure.

Privileged access is often referred to as “the keys to the kingdom,” as it can provide the authenticated user with almost limitless access rights across an organisation’s most critical systems and data. With so much power inherent in these privileges, they are ripe for abuse by insiders and are highly coveted by hackers. Forrester Research estimates that 80% of security breaches involve privileged credentials. In an enterprise environment, “privileged access” is a term used for access or credentials that have special access or abilities above and beyond those of a standard user. Privileged access can be associated with human users as well as non-human users such as applications and machine identities.

Some of the examples of privileged access are:

  • Super user accounts/Root accounts: A powerful account used by IT system administrators that can be used to make configurations to a system or application, add or remove users or delete data.
  • Domain administrative account: An account providing privileged administrative access across all workstations and servers within a network domain. These accounts are typically few in number, but they provide the most extensive and robust access across the network. The phrase “Keys to the IT Kingdom” is often used when referring to the privileged nature of some administrator accounts and systems.
  • Local administrative accounts: This account is located on an endpoint or workstation and uses a combination of a username and password. It helps people access and make changes to their local machines or devices.
  • Secure socket shell (SSH) key: SSH keys are heavily used access control protocols that provide direct root access to critical systems. Root is the username or account that, by default, has access to all commands and files on a Linux or other Unix-like operating system.
  • Service accounts: An account that an application or service uses to interact with the operating system. Services use these accounts to access and make changes to the operating system or the configuration.
  • Secrets: Often used by development and operations (DevOps) teams as a catch-all term for SSH keys, application program interface (API) keys and other credentials that provide privileged access.

PAM is critical in helping organisations meet cyber security best practices and compliance requirements. Implementing PAM as part of a comprehensive security and risk management strategy enables organisations to record and log all activities that relate to critical IT infrastructure and sensitive information, helping them meet audit and compliance requirements. PAM helps organisations align with the Principle of Least Privilege, which means privileged access is only granted at the level necessary for people to get their jobs done. PAM reduces the attack surface by eliminating shared accounts and standing or excess privileges.