There has been a slew of major data breaches in recent years. The number of records exposed in data breaches last year alone reached 174.4 million—close to five times the 36.6 million records exposed in 2016, according to the Identity Theft Resource Center.
Every time you turn around, an organization is in the headlines for having millions of records compromised. You need look no further than the recent Equifax breach, in which sensitive information on more than 140 million individuals was stolen. And this trend is expected to continue, with Cybersecurity Ventures’ 2017 Cybercrime Report estimating that data breaches and other cybercrime will cost the world $6 trillion per year by 2021, up from $3 trillion annually in 2015.
In the vast majority of data breaches, stolen credentials and privileged accounts are the prime target for hackers. In fact, Forrester estimates that 80 percent of security breaches involve privileged accounts.
The Traditional Definition of a Privileged Account
Traditional privileged accounts are IT-based and have special Active Directory (AD) attributes. IT administrators use them to log in to servers, switches, routers, and applications and perform tasks without restriction. This level of access means they can pose a significant risk to your company. Once obtained by hackers, the accounts can be used to access the most sensitive data, lock out legitimate users, and create ghost accounts and back doors that are not easily seen.
Some examples of traditional IT privileged accounts include:
- Local admin accounts are typically used by IT staff to perform maintenance or set up new workstations and often have the same passwords across platforms.
- Privileged user accounts give administrative privileges to one or more systems and usually have unique and complex passwords.
- Domain admin accounts have privileged access across all workstations and servers on a Windows domain. If these accounts are compromised, this could have catastrophic consequences for the organization.
- Emergency accounts, often called firecall or break glass accounts, give unprivileged users admin access to secure systems in an emergency.
- Service accounts are privileged local or domain accounts that are used by an application or service to interact with the operating system.
- Application accounts are used by applications to access databases and provide access to other applications.
What Privileged Really Means
While legacy security systems focus on protecting traditional AD privileged accounts, the traditional definition of privileged access simply is not adequate for today’s cybersecurity threats.
After all, privileged access has become much broader than just IT administrator accounts. With the move to digital, there are more users, accessing more critical systems and sensitive data. “Privileged” today must encompass any account that can cause reputational damage or that provides access to monetizable data, such as protected health information (PHI), credit card numbers, and social security numbers.
So, what do you do about these accounts that don’t fall under the standard definition, but still have access to confidential and critical data? There are business-privileged roles, such as payroll and social media manager accounts, which are not monitored by traditional AD-based security tools. And there are business systems and applications that require exactly the same protection as any of your high-risk or high-value internal IT systems.
The hard truth is that any unsafe system or individual puts everyone at risk. There are many avenues of access to your systems, and more must be done to protect all accounts, not just traditional privileged accounts.
The recent breach of multinational accounting and tax firm Deloitte demonstrates the risk that poorly secured accounts can pose to an organization. In this case, hackers were able to breach a server and gain access to the private emails of at least five million Deloitte clients. Their entry point was through an administrator’s account that was only protected by a password.
Your organization must adopt a zero-trust mindset, operating under the assumption that all users, endpoints, and resources are untrusted and therefore always need to be verified in order to reduce the risk of a breach.
It’s Time to Treat Every Account as Privileged
If you do not broaden your understanding of privileged access, you are putting your organization at risk. In today’s world, the traditional definition of privileged access is outdated and ignores many critical systems that contain monetizable customer and credit card data. Stay tuned for our two-part series where we’ll explore the top business systems that are putting your organization at risk.
And to learn more about how to treat every account as privileged, download the ebook, Why Your Organization Should Treat Every Account as Privileged. This ebook covers how to implement identity-driven security solutions and best practices that will enable your organization to assess the risk level of all accounts and properly protect critical business systems.