What do seven of the ten largest data breaches in the 21st century have in common? Privileged identity theft, the compromise of credentials to privileged accounts, was explicitly mentioned or indicated in post-mortem reviews of these mega-breaches. In these breaches, well-resourced external actors, some with the backing of nation states, were able to gain the credentials of users with access to privileged accounts, such as administrative or service accounts, enabling them to collect and exfiltrate massive amounts of data. Although the impact of these breaches is difficult to quantify, the total number of records is in the billions and includes credit card details, user accounts, employee information, health records and more. By stealing the identity of a privileged user, one with access rights to administrative and service accounts, cyber criminals can steal data on an industrial scale. And these mega-breaches don't include security incidents involving intentional sabotage to critical assets.
How can you protect your organization against Privileged Identity Theft?
Let's figure out why privileged identities pose such a risk to enterprises, how they are compromised by attackers, how current methods fail to stop these threats, and how your organisation can protect itself.
What are privileged identities?
Digital identity and access management (IAM) are the policies, processes, and technologies that digital businesses employ to establish identities and control access to their resources across dynamic ecosystems of value. This practice becomes more complex and riskier when applied to privileged accounts, which include the following types:
Administrative accounts
These include user accounts that are assigned to individuals with administrative roles that require elevated privileges, providing access to all standard user and privileged operations.
System accounts
These accounts, such as root on Unix/Linux systems or Administrator on Windows systems, are embedded in systems or applications.
Operational accounts
These include shared accounts used for administration and installation as well as service accounts (also known as application accounts) that enable remote software-to-software interactions with other systems, or to run system services.
How do attackers compromise privileged credentials?
The IT security community has come to the realization that perimeters cannot keep the bad guys out. In the age of the digital economy, with public-facing apps, bring-your-own-device (BYOD) policies, and hybrid IT networks, the ways to infiltrate a network are almost infinite, and hackers exploit these gaps in several ways.
Selecting a vulnerable user
Selection of tactics for consolidation in the IT environment
Collecting information about the IT environment
Increased privileges for access to corporate data
Process Changes
One of the fastest ways to mitigate the risk of privileged identity theft is to remediate weak security practices. These are some quick wins your organization can achieve:
Get a comprehensive and up-to-date list of privileged accounts
As IT environments grow, the number of administrative, service and other types of privileged accounts can proliferate. Enterprises running networks with thousands or tens of thousands of servers and network devices often lack an accurate inventory of these assets.
Limit Scope for Each Privileged Account
Limit the scope across the infrastructure of any privileged account to enforce the principle of least privilege: each account should have exactly the minimum rights required to carry out a specific task. For example, an account set up for administering an application should not have any system privileges beyond what is needed to make changes to the application's configuration and to restart the application. On a similar note, avoid enabling accounts on systems where they are not needed.
Delete accounts and privileges that are no longer required
Implement a formal password policy
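As an added illustration of the privileged-account inventory described above (this code is not part of the original white paper), the following Python sketch builds such a list for a single Linux host and sorts the results into the three account types named earlier. The sample passwd and group data are constructed, and the group names, UID threshold and classification rules are assumptions.

```python
# Added example: the sample data below is constructed, not taken from a real host.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:legacy admin:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
svc_deploy:x:998:998:deploy service:/opt/deploy:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""
GROUP = """\
sudo:x:27:alice,svc_deploy
adm:x:4:bob
users:x:100:alice,bob
"""
ADMIN_GROUPS = {"sudo", "wheel"}  # assumption: groups that grant root via sudo
NOLOGIN = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
HUMAN_UID_MIN = 1000              # assumption: common Linux UID_MIN default

def inventory(passwd_text, group_text):
    """Return {account: (type, reason)} for every privileged account found."""
    admins = set()
    for line in group_text.splitlines():
        name, _, _, members = line.split(":")
        if name in ADMIN_GROUPS:
            admins.update(m for m in members.split(",") if m)
    found = {}
    for line in passwd_text.splitlines():
        user, _, uid, _, _, _, shell = line.split(":")
        uid = int(uid)
        if uid == 0:
            # Any UID 0 entry has full root rights, whatever its name.
            found[user] = ("system", "UID 0")
        elif uid >= HUMAN_UID_MIN and user in admins:
            found[user] = ("administrative", "member of admin group")
        elif uid < HUMAN_UID_MIN and user in admins:
            found[user] = ("operational", "service account in admin group")
        elif uid < HUMAN_UID_MIN and shell not in NOLOGIN:
            found[user] = ("operational", "service account with login shell")
    return found

if __name__ == "__main__":
    for user, (kind, reason) in sorted(inventory(PASSWD, GROUP).items()):
        print(f"{user:12} {kind:15} {reason}")
```

Entries such as the second UID 0 account and the service account in an admin group are the ones to review first when limiting scope or deleting privileges that are no longer required.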
Full version of the document is available for download
One Identity regional representative in Baltic region