The Importance of Regularly Auditing Your Privileged Accounts
Many of today’s security incidents aren’t the result of complex hacks. Instead, cybercriminals often start their attacks by legitimately logging in to enterprise applications. You may not realise it, but chances are that some of your passwords and email addresses are on the Dark Web – along with some of your employees’.
According to Forbes, a 2020 dark web audit found almost 15 billion stolen passwords available online for hackers. Cybercriminals often purchase these passwords with cryptocurrency and then use them to log into enterprise email accounts, cloud accounts and collaboration tools.
The holy grail of corporate passwords is the privileged account. If a cybercriminal manages to get their hands on this kind of credential, the damage they could do is enormous. This is because these accounts’ passwords, tokens, keys, and authority make them perfect for stealing sensitive corporate data.
Too often, these user accounts are poorly secured. For example, companies don’t use multi-factor authentication, and passwords are too simplistic. Forrester estimates that over 80% of enterprise-grade hacks directly result from compromised privileged accounts. This means that threat actors are exploiting companies that fail to manage privileged account access properly.
The risks of this oversight are huge. A data breach could result in reputational damage, hefty compliance fines and loss of customers.
To combat this threat, organisations must regularly audit their privileged accounts, a process also known as privileged access management (PAM).
What Does It Mean to Audit Privileged Access Management?
PAM auditing is a process that ensures privileged account access is kept up to date, so only those accounts that need access have it. The method also aims to improve basic security controls to make privileged accounts harder to hack.
Firstly, part of the PAM process ensures that your employees only have access to the data they need to do their jobs. For example, standard users and guest users should not have the same level of access as IT administrators.
Some companies get lax when setting up new user accounts. Instead of taking the time to review each level of access and choose the best one for a particular user, they simply give them “admin” access or another high level of access that they don’t really need. This increases the risk of a cloud account breach.
PAM involves managing these privileges continuously to reduce the risk of credential compromise for privileged accounts, such as those of IT administrators and accounting team administrators.
Here is how to get started.
Identify Your Privileged Accounts
A privileged account is one that has administrative privileges. These accounts typically have almost unrestricted access to enterprise resources and sensitive data.
Common types of privileged accounts are as follows:
- Domain administrator accounts
- Local administrator accounts
- IT administrator accounts
- Service accounts
- Helpdesk accounts
- Application accounts
Once you have established which users in your organisation have privileged access, you should put a continuous auditing process in place. This involves the following steps.
Regularly Review Privileged Accounts
No company is static. Employees come and go, which changes the status quo regarding credentials. Because of this, you should have a mechanism in place to continuously review and establish what privileges each account has. You should ensure that every user has a strong password and has only the access needed to do their job.
You also want to ensure that there are no orphaned privileged accounts out there that should’ve been closed when an employee left the company or switched job roles.
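A sketch of the review described above, added here as an illustration and not taken from the original article: it cross-checks a privileged-account export against an HR roster to flag orphaned accounts, excess privilege, missing MFA and stale logins. The CSV columns, role map, account names and 90-day threshold are assumptions, and the sample data is constructed.

```python
import csv
import io
from datetime import date

# Constructed sample export of privileged accounts (column names are assumptions).
ACCOUNTS_CSV = """account,owner,type,mfa,last_login
da-alice,alice,domain_admin,yes,2024-05-28
la-bob,bob,local_admin,no,2024-05-30
it-carol,carol,it_admin,yes,2024-01-10
la-dave,dave,local_admin,yes,2024-05-29
svc-backup,,service,no,2024-05-31
"""
# Constructed HR roster: current employee -> job role (carol has left).
HR_ROSTER = {"alice": "sysadmin", "bob": "sysadmin", "dave": "accountant"}
# Assumed policy: which privileged account types each job role may hold.
ALLOWED = {
    "sysadmin": {"domain_admin", "local_admin", "it_admin"},
    "helpdesk": {"helpdesk"},
    "accountant": set(),
}
NON_HUMAN = {"service", "application"}  # no interactive MFA expected
STALE_DAYS = 90                         # assumed inactivity threshold


def audit(accounts_csv, roster, today):
    """Return {account: [issues]} for every account that fails a check."""
    findings = {}
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        issues = []
        owner, kind = row["owner"], row["type"]
        if not owner:
            issues.append("no owner recorded")
        elif owner not in roster:
            issues.append("orphaned: owner not on HR roster")
        elif kind not in NON_HUMAN and kind not in ALLOWED.get(roster[owner], set()):
            issues.append("excess privilege for role " + roster[owner])
        if kind not in NON_HUMAN and row["mfa"] != "yes":
            issues.append("MFA not enabled")
        idle = (today - date.fromisoformat(row["last_login"])).days
        if idle > STALE_DAYS:
            issues.append(f"stale: no login for {idle} days")
        if issues:
            findings[row["account"]] = issues
    return findings


if __name__ == "__main__":
    for account, issues in audit(ACCOUNTS_CSV, HR_ROSTER, date(2024, 6, 1)).items():
        print(f"{account}: {'; '.join(issues)}")
```

Run on a schedule against fresh exports, the output gives reviewers a short list of accounts to disable, reassign or downgrade rather than a full inventory to read through.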
Monitor Privileged User Usage
All privileged users’ actions should be monitored for suspicious activity. You should establish policies with your privileged users regarding what is acceptable under company protocol and what isn’t. Having this mechanism in place will make it easier to spot a cybercriminal who has hacked one of your privileged accounts.
Utilise Machine Learning
PAM solutions make the process of monitoring and flagging privileged accounts much more manageable. These solutions typically use machine learning, which automatically scans user behaviour for suspicious activities and sends alerts to your IT team or managed security provider as needed.
As well as putting PAM in place, you should also ensure that your company employs good password practices. In the remote working world, it’s more important than ever to verify that employees are who they say they are when they log in from a distance.
Solutions like multi-factor authentication, stringent password policies and corporate password managers can all help to keep your company safe from privileged account attacks.
Get Expert Help Putting PAM in Place
GKM2 can help your Sydney area business put helpful privileged account management policies into place and keep them updated as your technology infrastructure evolves.
Contact us today to learn more. Call +61 2 9161 7171 or reach out online.