Privileged account details are often shared and can be a weak entry point for attackers
Privileged user accounts can be a way for attackers to infiltrate an entire network.
Speaking to SC Magazine, Matt Middleton-Leal, regional director for UK and Ireland at Cyber-Ark, said that rather than insiders being the threat when it comes to privileged users, it is often outsiders who break into the network perimeter and have access to the network.
He said: “They will get on the inside and if they have privileged credentials then it is hard to defend against. This was the case with the RSA attack. I talked to a CISO who said that this is the single biggest problem that they face now.
“Most organisations will have a password for a new system and it can be easy to change from a default password if you are managing between one and 20 servers, but as organisations grow and get more technology, then they have a management overload. So they then rotate passwords every 90 days and share passwords or there is no accessibility, especially if they are running tens of thousands of servers. Also, every time an action is carried out, they have to recycle the password.”
A recent survey of 236 IT managers and C-level professionals by Cyber-Ark found that 86 per cent of large enterprises either do not know, or have grossly underestimated, the magnitude of their privileged account security problem, while 51 per cent share privileged passwords internally.
Also, despite 82 per cent of respondents stating they have processes in place for changing privileged passwords, 53 per cent of large enterprises take 90 days or longer to change their privileged passwords.
Middleton-Leal said that users understand where the gaps are, particularly that they have more privileged accounts than users. “Recent attacks all used privileged accounts on the system; whether the attacker socially engineered the details out of someone or hacked into a weak system,” he said.