You know you’ve got them. Employees with nearly unfettered access to every nook and cranny of your organization’s network, devices and servers. While often a necessity in the digital age, privileged users represent a huge cybersecurity risk that you should not overlook. Employees who hold the “keys to the kingdom” are an appealing target for hackers, offering an easy way for them to gain access to those same networks, devices and servers. Financial information, individual user accounts and sensitive client information are all just a few keystrokes away for a cybercriminal who can breach your network using privileged credentials. And here’s the really bad news: privileged users themselves, the humans behind the credentials, don’t seem to be taking their responsibilities seriously. A recent joint Forcepoint/Ponemon survey of 700 IT operations and security managers found that 66 percent of respondents believe “privileged users access sensitive or confidential data simply out of curiosity.” Worse: “just 43 percent of commercial organizations and 51 percent of federal organizations currently have the capability to monitor privileged user activity.” Additional research also shows many organizations seem to be failing at privileged user enforcement. A Thycotic/Cybersecurity Ventures survey of 500 IT security professionals revealed that 52 percent of those surveyed received a failing grade on privileged account security. This, despite the fact that 80 percent of respondents considered privileged user security a high priority. “Weak privileged account management is a rampant epidemic at large enterprises and governments globally,” Steve Morgan, Cybersecurity Ventures founder and CEO, told CSO Online.
“Privileged accounts contain the keys to the IT kingdom, and they are a primary target for cybercriminals and hackers-for-hire who are launching increasingly sophisticated cyber-attacks on businesses and costing the world’s economies trillions of dollars in damages," said Morgan.
As with most cybersecurity issues, we see the solution to the privileged user threat as twofold. Many technical solutions exist to combat attacks against these privileged users, including free tools that identify any unknown or untracked privileged accounts within an organization’s network. IT departments should also automate privileged account management, eliminating the need for manually updating spreadsheets containing privileged user account credentials. However, privileged user security should not stop at digital defenses. Behind most privileged accounts is a flesh-and-blood privileged user. An employee with (most likely) the best intentions in mind but also the capacity to make costly mistakes. Cyberattackers know this, as shown by the fact that 74 percent of phishing email links in 2015 were after login credentials. All the technical safeguards in the world will not take the place of a fully-security-aware employee, especially if that employee is counted among your privileged user population. Security awareness is best achieved through a wide-ranging training program, with content tailored to a privileged user’s specific concerns and responsibilities. Just as privileged users hold the keys to the kingdom, looking at this threat from a human perspective is the key to success in securing privileged users.
About the Author: Tom Pendergast, Ph.D., is the chief architect of MediaPro’s Adaptive Awareness Framework, a vision of how to analyze, plan, train and reinforce to build a comprehensive awareness program, with the goal of building a risk-aware culture. He is the author or editor of 26 books and reference collections. Dr. Pendergast has devoted his entire career to content and curriculum design, first in print, as the founder of Full Circle Editorial, then in learning solutions with MediaPro. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Mastering Security Configuration Management
Master Security Configuration Management with Tripwire's guide on best practices. This resource explores SCM's role in modern cybersecurity, reducing the attack surface, and achieving compliance with regulations. Gain practical insights for using SCM effectively in various environments.
