A Guide to Managing and Securing Privileged Users

If you look at any IT environment you will see privileged accounts are everywhere. They are the building blocks for managing vast networks of hardware and software that power the data-driven world we live in today.

As a global leader in IT security, Thycotic provides Privileged Account Management (PAM) solutions that protect an organisation’s most valuable assets from being compromised by external attacks and insider threats. Their PAM Security solutions help to minimise privileged credential risk and control applications on endpoints and servers.

Ensuring privileged accounts are managed and secured effectively is key to protecting backups, reducing the risks of ransomware attacks and helping organisations enhance their IT security. More than just software, PAM is a holistic approach that covers people, processes and technology.

Who uses them and where are they located?

Typically, the user of a privileged account is a system administrator (sysadmin). Responsible for managing the IT environment or specific software or hardware, system administrators can:

  • Install system hardware and software
  • Access sensitive data
  • Reset passwords
  • Log in to all machines in the IT environment
  • Use elevated privileges to make changes in IT infrastructure systems

Used to deploy and maintain IT systems, privileged accounts exist in almost every connected device, server, database and application, which means that the number of privileged accounts will often far exceed the number of employees in an organisation.

Why are privileged accounts prime targets for hackers?

It is estimated that around 60 to 80 percent of all security breaches involve the compromise of user and privileged account passwords. Weak passwords across multiple systems, unauthorised sharing of credentials and default passwords that are never changed leave organisations vulnerable to attack.

A recent Thycotic survey identified that more than 20 percent of organisations do not change default passwords, such as “admin” and “12345.” In addition, many rely on human-generated passwords, which are often weak and easy to guess, and in many cases the same password is used for multiple accounts.

How are privileged accounts compromised?

Hackers’ preferred pathway to gain access to privileged account information is:

  1. Compromise an end-user account: Hackers use either malware or social engineering to access desktops, laptops and servers. They act as a trusted source to trick employees into clicking on a link or downloading a piece of software with hidden malware, or they ask them to enter their password credentials into a fake website. This gives the hacker access to the user account.
  2. Access a privileged account: Once hackers have compromised a low-level user account, they can conceal their activities under the guise of a legitimate administrative user to gain access to privileged accounts and increase their access to applications, data and key administrative functions. The most common techniques are Man in the Middle or Pass the Hash attacks.
  3. Total access to the network: With privileged credentials, cyber criminals can access core network services and often remain undetected for weeks or months, giving them plenty of time to spread malware and steal sensitive and valuable information.

Building a PAM Security solution

Building a solid foundation to manage and secure privileged accounts enables organisations to be more scalable and flexible when adopting new technologies. Effective management is crucial to protecting valuable assets and ensuring only authorised users have access to data and systems.

To build a solid foundation, organisations should make cybersecurity awareness training a priority for those who will be using and accountable for privileged accounts. This training should extend to your executive team, and IT policies should be specific to your organisation.

Develop PAM security rules and controls

An effective PAM Security solution should have clearly defined rules and controls covering everything from changing default passwords for privileged accounts to restricting shared credentials among IT administrators and evaluating privileged account expiration dates to avoid privileged access creep.

Having clear rules and controls can help you improve your PAM security and help you enhance your IT security across the organisation.

Protecting your organisation with PAM

It is vital that organisations keep their assets and valuable information safe from hackers, but Privileged Account Management doesn’t have to be a challenge. There are some practical principles any organisation can adopt to help them optimise their PAM security, including:

  • Avoid manual methods for PAM: Keeping a record of privileged account password credentials in an Excel spreadsheet is a dangerous and inefficient method of storing sensitive information. Automated PAM software solutions can help you save time and money while increasing the overall IT security within your organisation.
  • Employee training is key: Humans are often the weakest link when it comes to IT security, which is why it’s important that your employees are educated about the threats and the methods used to gain access to privileged accounts. Consider the part employees’ own devices such as laptops, mobile phones and tablets play in your organisation and ensure you educate your teams on secure behaviours.
  • Limit IT admin access to systems: A least-privilege strategy ensures privileges are only granted and approved when they are required. Limiting access can help keep your organisation protected and prevent attackers from running malicious applications.

Next Steps

Organisations face a host of challenges when it comes to protecting critical and sensitive information, from the increase in sophisticated, targeted security threats by both external attackers and malicious insiders to complex IT environments distributed across vast geographical locations and in the cloud.

Contact MTI to discuss how our cyber security services can help strengthen your privileged account security and safeguard your organisation against cyber threats.