Privileged Access and the Future of Security

By Andrew Slavkovic, Solutions Engineering Manager, ANZ, CyberArk

Industry research firm Gartner recently released the first-ever Magic Quadrant for Privileged Access Management – which shines a light on the importance of protecting privileged credentials in today’s volatile threat landscape.

The widespread adoption of cloud, DevOps, robotic process automation, IoT and more has significantly broadened the threat landscape. With cybercrime costing Australian organisations and individuals an estimated $7 billion in 2018 alone, the need to build stronger cyber security capabilities is critical.

Privileged accounts allow access to all aspects of an organisation’s IT environment, which is why the majority of advanced modern-day attacks rely on the exploitation of privileged credentials to reach a target’s most sensitive data, applications and infrastructure.

While there is no panacea for cyber security, investing in privileged account security can significantly reduce the risk and consequences of an attack.

Here’s why businesses should consider managing privileged access as an essential practice to keep cyber-risks at bay:

Privileged credentials are the keys to critical assets

Privileged accounts, and the access they can provide up to the domain controller level of IT infrastructure, can drive hostile takeovers of networks and assets. Attackers know how to take advantage of these vulnerabilities and apply the same approach to new environments, targeting cloud consoles and orchestration tools to gain control of the infrastructure.

An attacker with this level of privileged access can control any server, controller, endpoint or piece of data, anywhere on a network. They can run commands and infiltrate every aspect of the network infrastructure.

Regardless of the environment, proper privileged access security is the first step to protecting critical assets. 

Trust is not a security strategy

A recent report revealed that 10 per cent of malicious or criminal attacks involve actions taken by a rogue employee or insider threat and 9 per cent involve social engineering or impersonation. It’s clear that privileged users often abuse their access. Attackers can also target and assume control of a user account to masquerade as a privileged insider. The scenarios are limitless.

Having a privileged access management program in place to protect from these abuse scenarios is paramount for any enterprise to minimise security risk. With the Australian government phasing in the Consumer Data Right scheme with Open Banking in July 2019, this should be a key consideration for Australian banks. As banks make this shift, security measures must be reconsidered and updated to address the new risks ushered in by Open Banking.

In limiting privileged access, organisations also need to ensure that the right people are given the necessary levels of access to sensitive applications and infrastructure to do their jobs. A good privileged access management strategy will ensure activities occurring within an environment are not malicious, and enable security operations teams to have constant visibility and take quick action if they are.

Machines and applications outnumber us

Machines and applications requiring privileged access vastly outnumber people. The landscape of non-human privileged users is even larger. These machine entities are much harder to identify and monitor than human users.

Last year, a popular sportswear brand revealed its MyFitnessPal app was struck by a malicious attack. The US-based company saw approximately 3,977,385 Australian user accounts impacted by the attack. Commercial apps typically require access to parts of an organisation’s network, which an attacker can exploit. These applications are often the entry points that attackers leverage to access and compromise vital systems and data.

Organisations must ensure appropriate security protocols are in place to minimise vulnerabilities in applications that carry critical data and interact with critical systems. A good privileged access management tool gives security teams a complete picture of privileges across the network and detects anomalous activities as they occur.

Endpoint privileged pathways

Privilege pervades every device in an organisation. Built-in admin accounts are often used by IT teams as a convenient way to fix issues locally. Herein lies a huge security flaw that attackers can exploit to enter a network, and then move laterally from workstation to workstation, until they find something of value.

CyberArk’s Global Advanced Threat Landscape (2019) revealed that only 40 per cent of Australian organisations understood that privileged accounts, credentials and secrets exist on endpoints. To counteract insider threats and privilege abuse, it is imperative for organisations to limit local administrative rights on workstations as part of their security program.

Privilege can help with compliance

Finally, prioritising privileged access in a security and risk management strategy allows organisations to track all activities that involve critical IT infrastructure and/or sensitive information. These records can help a business ensure it is compliant with data privacy regulations.

Overall, understanding what presents the highest risk – unmanaged, unmonitored and unprotected privileged access – is essential to maintaining an organisation’s security posture.