
Privileged account details are often shared and can be a weak entry point for attackers

Privileged user accounts can be a way for attackers to infiltrate an entire network.

Speaking to SC Magazine, Matt Middleton-Leal, regional director for UK and Ireland at Cyber-Ark, said that rather than insiders being the threat when it comes to privileged users, it is often outsiders who break into the network perimeter and have access to the network.

He said: “They will get on the inside and if they have privileged credentials then it is hard to defend against. This was the case with the RSA attack. I talked to a CISO who said that this is the single biggest problem that they face now.

“Most organisations will have a password for a new system and it can be easy to change from a default password if you are managing between one and 20 servers, but as organisations grow and get more technology, then they have a management overload. So they then rotate passwords every 90 days and share passwords or there is no accessibility, especially if they are running tens of thousands of servers. Also, every time an action is carried out, they have to recycle the password.”

A recent survey of 236 IT managers and C-level professionals by Cyber-Ark found that 86 per cent of large enterprises either do not know, or have grossly underestimated, the magnitude of their privileged account security problem, while 51 per cent share privileged passwords internally.

Also, despite 82 per cent of respondents stating they have processes in place for changing privileged passwords, 53 per cent of large enterprises take 90 days or longer to change their privileged passwords.

Middleton-Leal said that users understand where the gaps are, particularly that they have more privileged accounts than users. “Recent attacks all used privileged accounts on the system; whether the attacker socially engineered the details out of someone or hacked into a weak system,” he said.
