Lock up admin accounts to defeat hackers, says Cyber-Ark


Hackers typically target privileged admin accounts to gain access to all computer systems in an organisation, says David Higgins, senior sales manager at Cyber-Ark.

“In many organisations, these accounts are not well managed or controlled, giving hackers unfettered, unaccountable access,” he told the Whitehall Media Identity Management 2013 conference in London.

This is compounded by the fact that there are typically up to four times as many privileged accounts as ordinary user accounts in any organisation.

Hacking attacks typically begin with intelligence gathering, followed by phishing emails to gain access to systems and, once inside, collecting credentials to escalate privilege.

This approach is common and has been used in many high-profile breaches, including the one at RSA, the security division of EMC, in 2011.

“If hackers are able to gain control of a privileged account, they are able to bypass most conventional security controls to access and exfiltrate data and then delete the evidence,” said Higgins.


For these reasons, he said, it is important that privileged accounts are never shared and that admin passwords are never static.

“Putting some controls around privileged accounts is an important and simple strategy for making it more difficult for attackers to gain access to sensitive data,” said Higgins.

Ways of creating control points include requiring multi-factor authentication before allowing privileged access and continuous monitoring of users, he said, for both compliance and security reasons.

Organisations should also apply the principle of least privilege, which is the practice of limiting access to the minimal level that will allow normal functioning.

Without controls to manage all areas of privileged access, he said, it is impossible for organisations to identify malicious activity and prevent hackers from abusing these accounts.

