February 8, 2017
Privileged Password Security: How to Protect your Organization
You turn on the evening news and a breaking report flashes, “Major Data Breach of Huge Corporation, details at 11,” and you immediately begin to question, “Could this happen to my organization?”

In the wrong hands, privileged accounts represent the biggest threat to enterprises, and unfortunately that threat is a reality for many companies that are not taking the right precautions.

According to the Black Hat 2016 Hacker Survey Report from Thycotic, 77% of the hackers surveyed believe no password is safe from hackers or the government.

“It is no longer acceptable for businesses to assume they can keep attackers off their networks,” said Jim Legg, CEO, Thycotic. “The most damaging cyber-attacks occur when privileged credentials are stolen, giving attackers the same level of access as internal people managing the systems. This puts an organization at the mercy of an attacker’s motivation – be it financial, ransomware or other harm to the business.”

This is where privileged password security comes in. Privileged password security is a type of password management used to secure the passwords for login IDs that have elevated security privileges. It is critical that you have password protection policies in place to prevent unauthorized access and demonstrate security compliance.

In the words of Nick Cavalancia, Founder of Techvangelist, “No two privileged accounts are necessarily the same. A ‘privileged’ account can have access to anything from slightly elevated permissions on a single workstation, to every part of your network – and anything in between. So, it makes sense that your security strategy around protecting these privileged passwords won’t be identical either.”

What Cavalancia is pointing to is a layered approach for privileged password security. Layered security, also known as layered defense, describes the practice of combining multiple mitigating security controls to protect resources and data.

He advises, “Begin thinking about what layers are necessary as part of your privileged password security strategy, and how you will implement those layers. By putting a layered approach in place, you strengthen your company’s security stance, protecting it from misuse of privileged accounts by both internal and external offenders.”

Chances are, your enterprise already believes in layers, but it is best practice to perform a regular assessment. Ask yourself if your layers address the following issues:
- Who has access to a privileged account’s password?
- Where can that password be used?
- When can the password be used?
- How can the password be used?
- What kinds of accountability are in place to ensure proper use?
- Rotate passwords on privileged endpoints constantly
- Actively monitor privileged user access
- Enforce strong password policies for end users
- Educate your employees on privileged password security