Protecting Your Privileged User Accounts
Not keeping privileged user accounts secure is equal to handing over the keys to the kingdom
A thief is planning to rob a museum’s visiting jewelry exhibit. He or she could acquire the blueprints for the museum and plan an escape route, hack into the museum’s network and disable the security systems, and watch the security staff for days to learn their routines. Or he/she could just steal the keys to the museum and impersonate an employee.
If given the option, any reasonable thief would choose the second option. It’s the same return for less investment. Having the keys saves a lot of work. These days, when it comes to stealing your data, cybercriminals aren’t worried about bypassing your perimeter security and firewalls because they’ve found another way in, using rather simple tactics.
The Vulnerability of Privileged Users
By posing as an insider within your network, cybercriminals get the chance to obtain your sensitive data. If you were a criminal and you could be any insider, who would you be? The wise answer is a privileged user—someone with access to a wide array of data across the business that’s necessary to perform their job and therefore doesn’t raise any red flags when accessing data.
Eighty percent of security breaches involve privileged credentials, according to Forrester—including the Snowden NSA Breach and high-profile organizations such as Target.
Cybercriminals are taking full advantage of the fact that people are the weakest link in the cybersecurity chain. They are using social engineering as their tool of choice to obtain privileged user credentials, including phishing, baiting, man-in-the-middle and tailgating. Once inside your network, hackers and attackers can go undetected as an insider with advanced privileges—giving them plenty of time to extract data across your network.
Privileged users are seldom audited at the depth that would allow employers to become suspicious of their activity, even though they are the ones who need it the most. This leaves intruders using these accounts free to pilfer organizations information and resources. Powerful tools have been developed to combat this problem, and companies are adopting the technology to monitor behavior and secure their sensitive data.
Behavior is the Tip-Off
Organizations can use monitoring technology to spot anomalies in user behavior. The use of behavioral analytics is also a best practice: tracking users’ past behavior to predict future behavior. This gives organizations more accurate insight into users’ activity. In addition to monitoring exports and employee activity, these technologies look for deviations in user behavior such as time of login, disparities in geolocation and access of internal systems.
Let’s suppose that one of your mid-level managers starts to access your trade secrets or look into the infrastructure layout of your network within your Salesforce instance, something she has never done before. Behavioral analytics would proactively alert you about such unusual behavior, allowing you to block access immediately upon detection and prevent an incident from becoming a full-blown breach.
It’s All About Access
Organizations should implement training in addition to these monitoring technologies to mitigate risk associated with compromised privileged user credentials. From the receptionist to the CEO, employees should be trained to identify social engineering tactics. Furthermore, organizations should apply the “Principle of Least Privilege” to their employees’ permissions, which allows the least amount of privilege necessary for a user to properly perform their role.
Diligence and vigilance are required in this time of endless cybersecurity threat innovation. Malicious actors, both from within and without, aren’t content to stage a quick smash-and-grab; they would rather use privileged access to go undetected for as long as they please. Today’s network security goes far beyond securing your perimeter by focusing on the behavior of all those who have access to your network and your data. The guidelines above will help you monitor user behavior for faster detection and mitigation of threats.