This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Privileged account details are often shared and can be a weak entry point for attackers

Share this article:

Privileged user accounts can be a way for attackers to infiltrate an entire network.

Speaking to SC Magazine, Matt Middleton-Leal, regional director for UK and Ireland at Cyber-Ark, said that rather than insiders being the threat when it comes to privileged users, it is often outsiders who break into the network perimeter and have access to the network.

He said: “They will get on the inside and if they have privileged credentials then it is hard to defend against. This was the case with the RSA attack. I talked to a CISO who said that this is the single biggest problem that they face now.

“Most organisations will have a password for a new system and it can be easy to change from a default password if you are managing between one and 20 servers, but as organisations grow and get more technology, then they have a management overload. So they then rotate passwords every 90 days and share passwords or there is no accessibility, especially if they are running tens of thousands of servers. Also, every time an action is carried out, they have to recycle the password.”

A recent survey of 236 IT managers and C-level professionals by Cyber-Ark found that 86 per cent of large enterprises either do not know, or have grossly underestimated, the magnitude of their privileged account security problem, while 51 per cent share privileged passwords internally.

Also, despite 82 per cent of respondents stating they have processes in place for changing privileged passwords, 53 per cent of large enterprises take 90 days or longer to change their privileged passwords.

Middleton-Leal said that users understand where the gaps are, particularly that they have more privileged accounts than users. “Recent attacks all used privileged accounts on the system; whether the attacker socially engineered the details out of someone or hacked into a weak system,” he said.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Queen's website hosts controversial tracking technique

Queen's website hosts controversial tracking technique

Advertising tracking called 'canvas fingerprinting' is used on many websites and identifies unique individuals and their browsing habits and works surreptitiously.

Could MH17 sanctions push Russia to cyber warfare?

Could MH17 sanctions push Russia to cyber warfare?

A leading cyber security academic has warned the US and European governments that tougher sanctions on Russia relating to the MH17 airplane crash could result in the start of cyber ...

Snowden, Ellsberg ask hackers to help obscure whistleblower activity

Snowden, Ellsberg ask hackers to help obscure whistleblower ...

Crowds of people came out to see Daniel Ellsberg chat with Edward Snowden at HOPE X conference.