A privileged account security solution is designed to be a complete solution to protect, monitor, detect, alert, and respond to privileged account activity. Privileged accounts represent the largest security vulnerability an organisation faces today.

By Jeffrey Kok, Director of Pre-Sales, Asia Pacific and Japan, CyberArk
The recent findings of the Cyber Security Agency of Singapore present a rather worrying future for businesses and individuals alike. The study, commissioned to gather insights into respondents’ levels of cybersecurity awareness and cyber hygiene, revealed that while seven in ten respondents agree that every individual has a role to play in cyber security, not all of them practise safe cybersecurity measures. Despite being aware of the need for strong passwords, one in three respondents do not manage their passwords securely, for instance by storing their passwords on their computer, writing them down, or using the same passwords for work and personal accounts. These practices paint a gloomy picture for privilege security, as easily guessed or stored passwords stolen from an insider essentially present a gateway into the organisation.
Privilege escalation is at the centre of the cyber attack cycle. Why? Because attackers need the credentials of an insider, and administrative credentials give them the power to move laterally throughout the data centre, to access high-value servers and to take over domain controllers. Organisations now realise that securing privileged access is the first step they need to take to protect their organisation from damaging cyber attacks, but it is important to remember that privileged access is a security challenge across the entire IT infrastructure – not just the data centre.
Privileged accounts exist in every piece of technology in the organisation: every server, every database, every application including SaaS, every domain controller, every hypervisor, and of course, every endpoint. Securing privileged access on the endpoint – an organisation’s laptops and desktops – is just as important as securing privileged access to servers and domain controllers.
Ownership Is Privilege
There are a number of reasons why privilege security at the endpoint is critical. I will keep it short and focus on one very important concept: ownership of the endpoint. Privileged access provides a user with total control over the endpoint, including the ability to decide who can do what on the machine. If control of the machine remains with a trusted systems administrator, the company controls it. The company retains ‘ownership’ of the device. Once an attacker gains privileged access to an endpoint, s/he has total control over that machine. Ownership now belongs to the attacker. As a result, the attacker can decide who can access the machine, create and modify user accounts, change configuration settings, disable or uninstall anti-virus, install malware, reset local passwords, access data that belongs to others, and so on.
Microsoft’s Security Response Centre’s 10 Immutable Laws of Security state this very clearly. There are multiple ‘laws’ that articulate the need to secure admin credentials, but read #6 carefully:
A computer is only as secure as the administrator is trustworthy
“Every computer must have an administrator: someone who can install software, configure the operating system, add and manage user accounts, establish security policies, and handle all the other management tasks associated with keeping a computer up and running. By definition, these tasks require that the individual have control over the computer. This puts the administrator in a position of unequalled power.”
This also covers authorised administrators who make mistakes or go rogue, as well as any unauthorised user or executable using an administrative credential.
Knowing this fact, it is a mystery to me why organisations continue to add on layers of endpoint controls and detection without securing admin accounts. This most basic, but important, step in security control is missing.
Prioritise Privileged Account Security
Organisations have spent billions of dollars trying to protect themselves from cyber attacks. In the recent Singapore budget announcement, the Government is similarly paying close attention to cybersecurity, allocating more than S$80 million to support digitalisation and cybersecurity.
Yet the number of attacks continues to grow. Industry benchmarks show cyber crimes cost an enterprise organisation $15 million per year on average, with the overwhelming majority of attacks originating on the endpoint. Attackers know that user log-ins are far easier points of infiltration than network or software exploits. Organisations try to train their employees not to click on a malicious email, but phishing attempts persist and are increasingly sophisticated. Raising the bar for security literacy is a worthy endeavour in the digital age of business, but education will not contain an attack at the endpoint.
There will always be a new ‘threat du jour.’ Taking a layered approach to security is smart, but there is no silver bullet. For this reason, it is important to have measures in place to contain the damage of a breach and to mitigate risks. Remember the common denominator across every tool in your security toolbox: privileged accounts. For this reason and others, protecting privilege must be a priority.
Businesses need to realise the damage that can be done when an attacker has access to privileged credentials. Some companies have learned the hard way – and locking down privileged credentials was among the first actions taken during remediation.
The goal is to stop and contain damaging attacks at the endpoint. Instead of adding layers of preventative endpoint security controls on a weak foundation, companies need a proactive approach that contains attackers early in the attack lifecycle by interlocking three core capabilities: privilege management, application control and new targeted credential theft detection.