With the increasing use of cloud computing and storage, the spread of interconnected Internet of Things devices, and the growing number of systems, remote users, and large volumes of data, today’s business environment and its security risks have changed enormously and require a shift in our security mindset and practices.
As the number of systems, users, and data grows, robust identity and access management solutions, and the experts to run them, become even more important for managing accounts and their access. Privileged accounts in particular, which offer the highest level of access to a system, are prime hacking targets.
Most data breach incidents show that privileged account passwords are compromised through social engineering and other techniques to gain access to the most valuable functions and data of a system. Sometimes user accounts with lower-level permissions are taken over first and then escalated to gain privileged access. When legitimate accounts are used to access systems, the intrusion often goes unnoticed for weeks, allowing hackers to obtain as much information as they need before taking action. To protect privileged accounts, their owners must be properly trained to protect their passwords, use multi-factor authentication for access, and monitor the accounts to detect any suspicious activity.
What Are Privileged Accounts?
Privileged accounts are accounts with elevated access permission that allow the account owners to access the most restricted areas of the system and execute highly privileged tasks. Just like typical user accounts, privileged accounts also require a password to access systems and perform tasks.
Typical Users of Privileged Accounts
A privileged account may be used by a human or by a system. Privileged accounts such as administrative accounts are often used by IT professionals to manage software, hardware, and databases. Examples of non-human privileged accounts are system accounts with special permissions to run automated tasks. Privileged account users can perform tasks such as installing software, accessing restricted areas, resetting passwords, and making other system changes.
Why Privileged Accounts Pose a Risk
The problem with admin and service accounts is that they are often shared, used across many systems, and protected by weak or default passwords that are rarely changed. That combination makes them great hacking targets: their passwords are easy to steal with the many specialized tools that hackers possess, they are used throughout the organization, and they carry highly elevated access permissions. Hijacking a privileged account gives attackers the ability to access and download an organization’s most sensitive data, distribute malware, bypass existing security controls, and erase audit trails to hide their activity.
Industry analysts estimate that up to 80 percent of all security breaches involve the compromise of user and privileged account passwords, and that most compromised systems go undetected for over 200 days. A major reason for the ease of password theft is that more than 20 percent of companies fail to change well-known default passwords such as “admin” and “12345.” To compound the problem, account owners use the same password for several different accounts.
Hackers exploit these weaknesses to elevate their existing permissions, access systems, data, and key administrative functions, and conceal their activities.
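The two weaknesses just described, unchanged default passwords and the same password reused across accounts, are both things a password vault or PAM tool can check at the moment a privileged password is set or rotated. The following is an added example written for this article, not code from any PAM product: it assumes a vault that holds the current secret for each managed account (so reuse can be detected by comparison), a small constructed list of default passwords, and an assumed minimum length of 20 characters. The generator uses the operating system's CSPRNG via the `secrets` module.

```python
import secrets
import string

# Constructed, illustrative list of well-known default passwords (not exhaustive).
KNOWN_DEFAULTS = {"admin", "12345", "password", "root", "changeme", "default"}
MIN_LENGTH = 20  # assumed policy value for privileged accounts
CHARACTER_CLASSES = [
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
]


def password_problems(candidate: str, other_vaulted_passwords: dict[str, str]) -> list[str]:
    """Return the policy violations for a candidate privileged-account password.

    other_vaulted_passwords maps account name -> the secret currently stored for
    that account in the (assumed) vault; a match means the password is shared
    between accounts, which the article warns against.
    """
    problems: list[str] = []
    if candidate.lower() in KNOWN_DEFAULTS:
        problems.append("matches a well-known default password")
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes_used = sum(any(ch in cls for ch in candidate) for cls in CHARACTER_CLASSES)
    if classes_used < 3:
        problems.append("uses fewer than three character classes")
    reused_on = sorted(acct for acct, pw in other_vaulted_passwords.items() if pw == candidate)
    if reused_on:
        problems.append("already in use on: " + ", ".join(reused_on))
    return problems


def generate_privileged_password(length: int = 32) -> str:
    """Generate a random password from the OS CSPRNG that passes the policy above."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not password_problems(candidate, {}):
            return candidate


if __name__ == "__main__":
    # Constructed vault contents for the demonstration.
    vault = {"db-admin": "Tr0ub4dor&3-Correct-Horse-Battery", "web-admin": "Summer2024!"}
    for candidate in ("admin", "Tr0ub4dor&3-Correct-Horse-Battery", generate_privileged_password()):
        verdict = password_problems(candidate, vault) or ["ok"]
        print(f"{candidate!r:40} -> {'; '.join(verdict)}")
```

Comparing the candidate against the vault's stored secrets is only possible because a vault, unlike a login system, legitimately holds the plaintext it manages; a login database that stores salted hashes cannot detect cross-account reuse this way.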
Consequences of Compromised Privileged Accounts
Privileged accounts are powerful accounts that give full access to a system. Hackers can perform malicious activities, steal sensitive information, commit financial fraud, and often remain undetected for weeks or months at a time. After attackers compromise a system, they typically use the access to observe the system for a while and learn about the activities of users. Eventually the attacker can get an accurate picture of the target systems. Depending on the motive of the attackers, they can use privileged accounts to:
- Change system functionality,
- Disable access for some accounts,
- Elevate access for some accounts,
- Steal sensitive data for fraud, ransom, or revenge,
- Poison data, and
- Inject malicious code or malware.
How Privileged Account Passwords are Stolen
Up to 80 percent of breaches result from stolen passwords. Hackers’ preferred pathway to privileged access is stealing account credentials. They may use malware or social engineering to steal account information and gain unauthorized access. Employees are typically fooled by phishing scams that ask them to click on a link, download an attachment with malware hidden inside, or enter their passwords into fake website forms. In many cases, these scams appear to be legitimate requests from an employee’s manager, a company executive, or another trusted source.
High Profile Security Incidents and Statistics
- Criminal groups are behind 51% of breaches, versus 18% for state-sponsored actors.
- Just over 60% of breaches involve hacking.
- 81% of hacking-related breaches leverage stolen and/or weak passwords.
- 43% of breaches involve social attacks (including phishing, pretexting, and spearphishing).
- 14% of breaches involve employee errors, while another 14% involve privilege misuse.
- 51% of breaches include malware, and 66% of that malware is delivered by malicious email attachments.
- 27% of breaches are discovered by third parties.
In a high-profile incident, JP Morgan Chase discovered in 2014 that hackers had reportedly gained “root” privileges on more than 90 of the bank’s servers, which meant they could take actions including transferring funds and closing accounts. The hackers stole names, addresses, phone numbers, and email addresses, as well as internal information, about 76 million persons and 7 million small businesses.
Privileged Account Management (PAM) Tips
- Identify privileged accounts,
- Decide who needs or has privileged access,
- Define when privileged accounts can be used,
- Have an incident response plan,
- Monitor privileged account activities, and
- Select strong passwords and change them frequently. Privileged account passwords should be set to very long, complex values and stored securely. They should never be shared or used to access multiple systems.
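The first, second, third, and fifth tips (identify privileged accounts, decide who should have privileged access, define when it may be used, and monitor the activity) can be turned into a small audit on a Linux host. The script below is an added example for this article, not a tool from any vendor. It assumes a Linux box where UID 0 and membership in the `sudo`, `wheel`, `root`, or `docker` groups confer privileged access, an assumed approved list of privileged users, an assumed change window of 08:00 to 18:00, and constructed `/etc/passwd`, `/etc/group`, and auth-log samples in standard syslog/sudo/sshd format (no real host data). It flags a second UID 0 account nobody approved, a user who is root-equivalent through the `docker` group, a direct root SSH login, a sudo attempt by a non-sudoer, and privileged use outside the window.

```python
import re
from datetime import time

# --- Constructed sample data (not taken from any real host) -----------------
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
backup-svc:x:0:0:legacy backup job:/var/backup:/bin/sh
"""
GROUP = """\
root:x:0:
sudo:x:27:alice
wheel:x:10:
docker:x:999:bob
"""
SAMPLE_AUTH_LOG = [
    "Mar  3 02:14:07 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx",
    "Mar  3 02:15:30 web01 sshd[2201]: Accepted password for root from 203.0.113.45 port 51234 ssh2",
    "Mar  3 10:02:11 web01 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow",
    "Mar  3 11:30:00 web01 sshd[2310]: Accepted publickey for alice from 10.0.0.5 port 40000 ssh2",
]

# --- Assumed policy values (placeholders for this example) -----------------
PRIVILEGED_GROUPS = {"root", "sudo", "wheel", "docker"}  # docker membership is root-equivalent
APPROVED_PRIVILEGED = {"root", "alice"}                   # tip 2: who may have privileged access
CHANGE_WINDOW = (time(8, 0), time(18, 0))                 # tip 3: when privileged use is allowed

SUDO_RE = re.compile(r"^\w{3}\s+\d+ (?P<time>\d\d:\d\d:\d\d) \S+ sudo:\s+(?P<user>\S+) : (?P<rest>.*)$")
SSH_RE = re.compile(r"^\w{3}\s+\d+ (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")


def privileged_accounts(passwd: str, group: str) -> dict[str, list[str]]:
    """Tip 1: inventory every account that is UID 0 or belongs to a privileged group."""
    reasons: dict[str, list[str]] = {}
    for line in passwd.splitlines():
        name, _, uid, *_ = line.split(":")
        if uid == "0":
            reasons.setdefault(name, []).append("uid 0")
    for line in group.splitlines():
        gname, _, _, members = line.split(":")
        if gname in PRIVILEGED_GROUPS:
            for member in filter(None, members.split(",")):
                reasons.setdefault(member, []).append(f"member of {gname}")
    return reasons


def unapproved_accounts(inventory: dict[str, list[str]], approved=APPROVED_PRIVILEGED) -> set[str]:
    """Tip 2: privileged accounts that nobody decided should have that access."""
    return set(inventory) - approved


def audit_auth_log(lines, approved=APPROVED_PRIVILEGED, window=CHANGE_WINDOW):
    """Tips 3 and 5: flag privileged use that breaks the 'who' or 'when' policy."""
    alerts = []
    for line in lines:
        m = SSH_RE.match(line)
        if m:
            if m["user"] == "root":  # shared root account used directly rather than via a named user
                alerts.append((m["time"], "root", f"direct root login over ssh from {m['src']}"))
            continue
        m = SUDO_RE.match(line)
        if not m:
            continue
        user, when = m["user"], time.fromisoformat(m["time"])
        if "NOT in sudoers" in m["rest"]:
            alerts.append((m["time"], user, "sudo attempt by account that is not a sudoer"))
        elif user not in approved:
            alerts.append((m["time"], user, "sudo by account outside the approved list"))
        if not (window[0] <= when <= window[1]):
            alerts.append((m["time"], user, "privileged use outside the change window"))
    return alerts


if __name__ == "__main__":
    inventory = privileged_accounts(PASSWD, GROUP)
    for account, why in inventory.items():
        print(f"{account:12} {', '.join(why)}")
    print("unapproved:", sorted(unapproved_accounts(inventory)))
    for alert in audit_auth_log(SAMPLE_AUTH_LOG):
        print("ALERT", *alert)
```

On a real host the same functions would be fed the contents of `/etc/passwd`, `/etc/group`, and the auth log, and the approved list and change window would come from the access decisions the tips ask you to make; the point of the inventory step is that accounts like the second UID 0 service account above are exactly the shared, forgotten privileged accounts the article describes.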