44% of data breaches in the last year involved privileged identity

Only 41% of privileged accounts are assigned to permanent employees of the business with the majority being made up of contractors, third-party vendors and resellers – indicating IT has less visibility of privileged account access.

Friday, 18th May 2018, by Phil Alsop
Nearly half (44%) of data breaches in the last year involved privileged identity, according to a research report from Balabit, a One Identity business and a leading provider of Privileged Access Management and Log Management solutions. The report, titled IT Out of Control, also revealed that only two out of five (41%) of these privileged accounts are assigned to permanent employees, with the majority being made up of contractors, vendors and third parties. This is a problem that is getting worse, with 71% of businesses saying the number of privileged accounts in their network grew last year, and 70% expecting the number of accounts to grow even more this year.

The IT Out of Control eGuide is part of the Unknown Network Survey, which was conducted in the UK, France, Germany and the US. It reveals the attitudes of 400 IT and security professionals: their concerns over IT security, their experience of IT security breaches, their understanding of how and when breaches occur, and how they are trying to combat hackers and privileged account misuse.

 

Trust but verify – are businesses losing control?

When privileged accounts are misused in a data breach, often a malicious insider has misused their access, or a criminal hacker has hijacked the account through social engineering methods. Subsequently, finding the identity of the criminals is an impossible task. It should come as no surprise that IT teams have low confidence when it comes to having visibility of what is going on in their networks, with only 48% believing they can account for all permanent staff’s privileged access and the data they have access to. Only a further 44% believed they could account for all third-party vendors’ privileged access and the data they have access to.

This has led to 58% of respondents saying their company must take security threats related to privileged accounts more seriously. Worryingly, 67% of respondents say it’s quite possible that former employees retain credentials and can access their old organisation’s network.

This highlights the urgent need for the board to recognise the risks of privileged account misuse. More privileged accounts have led to increased risks for organisations. Simultaneously, it has become increasingly difficult for IT managers to keep track of who is accessing what data files and applications. As a result, ensuring that trust is validated and verified has become an overwhelming undertaking. In the same way that trusted employees can turn on a business, so can a vetted outsider.

‘Privileged Identity Theft is a widespread technique in some of the largest data breaches and cyber-attacks. A wide range of organisations have fallen victim to sophisticated, well-resourced cyber criminals but often these attacks are easy to carry out, through the use of social engineering techniques such as a simple phishing email,’ said Csaba Krasznay, Security Evangelist, Balabit. ‘Measures exist to mitigate the risks of the attack. Relatively straightforward process improvements combined with the correct technologies such as session management and account analytics can help detect compromised privileged accounts and stop attackers before they are able to inflict damage on organisations.’

Solutions such as privileged access management (PAM) can help. Unlike traditional security systems, which see IT managers relying on manual methods of privileged user management, PAM provides replicable processes to track and manage privileged credentials. 

When it comes to an effective security strategy, there are three pillars of defence that need to be taken into account. The first line of defence should be Password Management tools which protect privileged credentials. The second should be Privileged Session Management, which continuously monitors privileged accounts to identify anomalous activity. The third pillar should then be Privileged Account Analytics, a continuous verification of users, based on behaviour. Security teams can then identify whether a privileged account has been hijacked or if a trusted insider has turned malicious.

Nowadays, cyber breaches are coming from all directions. Businesses must be able to protect themselves from threats at home as well as those from the unknown corners of the internet. But with the proliferation of third-party partners, contract workers, remote working and BYOD policies, protecting an organization is now a borderless challenge.