Privileged account details are often shared and can be a weak entry point for attackers

Privileged user accounts can be a way for attackers to infiltrate an entire network.

Speaking to SC Magazine, Matt Middleton-Leal, regional director for UK and Ireland at Cyber-Ark, said that rather than insiders being the threat when it comes to privileged users, it is often outsiders who break into the network perimeter and have access to the network.

He said: “They will get on the inside and if they have privileged credentials then it is hard to defend against. This was the case with the RSA attack. I talked to a CISO who said that this is the single biggest problem that they face now.

“Most organisations will have a password for a new system and it can be easy to change from a default password if you are managing between one and 20 servers, but as organisations grow and get more technology, then they have a management overload. So they then rotate passwords every 90 days and share passwords or there is no accessibility, especially if they are running tens of thousands of servers. Also, every time an action is carried out, they have to recycle the password.”

A recent survey of 236 IT managers and C-level professionals by Cyber-Ark found that 86 per cent of large enterprises either do not know, or have grossly underestimated, the magnitude of their privileged account security problem, while 51 per cent share privileged passwords internally.

Also, despite 82 per cent of respondents stating they have processes in place for changing privileged passwords, 53 per cent of large enterprises take 90 days or longer to change their privileged passwords.

Middleton-Leal said that users understand where the gaps are, particularly that they have more privileged accounts than users. “Recent attacks all used privileged accounts on the system; whether the attacker socially engineered the details out of someone or hacked into a weak system,” he said.
