What did the Sony and Anthem breaches have in common with an estimated 60-80% of all breaches? They all involve the use of compromised privileged (administrative) accounts.
Attackers using administrative credentials can move laterally across your network to conduct internal reconnaissance, maintain a presence, and ultimately accomplish their missions. Last year, it was estimated that 80% of security breaches involved privileged credentials. Privileged credentials provide greater scope for stealing data en masse than individual accounts do: with privileged credentials, attackers can dump an entire database, bypass network traffic limitations, delete logs to hide their activity, and exfiltrate data more easily.
Another study uncovered a significant gap between the policies that organizations and schools have for controlling the use of administrative privileges and the implementation of the controls needed to enforce those policies. For example, 67% of respondents said they have implemented policies to change all default passwords for applications, operating systems, routers, firewalls, wireless access points and other systems. However, fewer than 45% have implemented automated or even manual controls to enforce their policies.
One third of organizations do not have policies to change default administrative passwords, and even when policies exist, they are not widely enforced.
Human nature being what it is, we are prone to take shortcuts and share administrative credentials across systems and across multiple administrators, as well as grant administrative privileges to users so they can install software themselves without troubling IT.
The biggest and easiest solution is to reevaluate how administrative privileges are being handed out and to give them only to those who truly need them. Monitoring the use of administrative privileges can also help, along with educating your staff on how to use them properly.
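As an added illustration (not part of the original story), the following Python sketch shows what such a review could look like: it compares a list of approved admin accounts with privileged logon records and flags the shortcuts described above. The account names, hosts, record layout and the `max_hosts` threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data, not taken from the article.
# Approved admin accounts and the reason each was granted.
ADMIN_GRANTS = {
    "Administrator": "built-in local admin",
    "adm-alice": "server administration",
    "adm-bob": "server administration",
    "jsmith": "granted to self-install software",
    "svc-backup": "backup service",
}
# Privileged logons in the review window: (account, person, host).
# Assumption: the log source can attribute each logon to a person.
PRIV_LOGONS = [
    ("adm-alice", "alice", "db01"),
    ("adm-alice", "alice", "web01"),
    ("Administrator", "alice", "web01"),
    ("Administrator", "bob", "db01"),
    ("Administrator", "carol", "hr-laptop7"),
    ("adm-bob", "bob", "db01"),
    ("svc-backup", "svc-backup", "db01"),
]

def audit(grants, logons, max_hosts=2):
    """Flag shared, unused, widely reused and unapproved admin accounts."""
    people = defaultdict(set)  # account -> people who used it
    hosts = defaultdict(set)   # account -> systems it was used on
    for account, person, host in logons:
        people[account].add(person)
        hosts[account].add(host)
    findings = {"shared": [], "unused": [], "wide_reuse": [], "unapproved": []}
    for account in sorted(set(grants) | set(people)):
        if account not in grants:
            findings["unapproved"].append(account)  # admin use with no grant on record
        elif not people[account]:
            findings["unused"].append(account)      # privilege nobody exercised: review it
        if len(people[account]) > 1:
            findings["shared"].append(account)      # one credential, several administrators
        if len(hosts[account]) > max_hosts:
            findings["wide_reuse"].append(account)  # same credential across many systems
    return findings

if __name__ == "__main__":
    for kind, accounts in audit(ADMIN_GRANTS, PRIV_LOGONS).items():
        print(f"{kind}: {', '.join(accounts) or 'none'}")
```

On the constructed data, the built-in `Administrator` account is flagged as both shared and widely reused, and `jsmith` holds admin rights that were never exercised in the window.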
Overall, keeping your information safe should be a top priority, and keeping administrative privileges safe is a great way to do it.
(Story via Tenable)