Weak Security Checks and Balances Compound Privileged Access Risks


The U.S. Department of Interior recently released a report concluding that two dams critical to national security operate with an elevated risk of insider attacks – too many employees have access to admin accounts and industry best practices are not followed.

The dams are among five operated by the U.S. Bureau of Reclamation. The report finds that account access isn’t always revoked when employees leave, and the agency isn’t conducting robust enough background checks for employees with high-level privileges. The full report can be found here.

Even though cyber security best practices are well documented and critical infrastructure is a known target, we continue to learn about security gaps that should be addressed with high priority. It’s a fact that employees need a certain amount of privileged access to do their job successfully. Best practices account for this – giving an appropriate level of access for employees while following a “trust but verify” approach. If proper controls are not in place and followed, organizations are exposed to risks with known and unknown consequences.

Would an employee compromise a system from within, disrupt operations and potentially conceal malicious activity? Yes, we see the headlines regularly, and this isn’t a new problem. For example, in 1999, a former employee with a pirated copy of control system software and a two-way radio transmitter wreaked havoc on a sewage system in Australia, stopping pumps and alarms and allowing thousands of gallons of sewage to flood the landscape. (The “Maroochy Incident” is discussed in an episode of the “Malicious Life” podcast: http://malicious.life/episode/episode-7-stuxnet-part-1/ ).

When it comes to government agencies and exploiting privileged access, names such as Edward Snowden, Chelsea Manning and Joshua Schulte readily come to mind.

Trying to stop insider attacks with a purely human-centric approach is impossible, simply because humans are unpredictable. What is predictable, though, is that attackers need to exploit privileged access to reach sensitive information and exfiltrate it. For this reason, security controls must be in place.

While some may argue that operational concerns override security, it is possible to achieve an effective balance between operations and security. Locking down privileged access is an effective way to break the attack chain, and CyberArk has the framework and the tools to jump-start and improve security for organizations in both the private and public sectors. Even more specifically, CyberArk solutions provide steps to safeguard critical infrastructure.

Some items to consider when balancing operational and security concerns:

  1. Identify and prioritize privileged access within the environment.

In order to identify which accounts need to be protected and which need to be restricted, it is important to assess the environment’s status. CyberArk’s Discovery and Audit (DNA) tool can help organizations locate privileged accounts and discover whether the accounts are currently active. Once organizations know the full status of their privileged accounts, it is easier to create a security plan to monitor and control access.

  2. Tackle the highest risk access first.

Once privileged access has been identified, the organization can plan for a privileged access security hygiene program. CyberArk has tools to promote and provide for protecting privileged access in a variety of ways, including vaulting credentials (Enterprise Password Vault), isolating sessions that use those vaulted credentials (Privileged Session Manager), and continuously monitoring usage of those privileged accounts and responding when necessary (Privileged Threat Analytics).

  3. Enforce principles of credential boundaries.

Separate assets into tiers according to the criticality of the systems, and then restrict which accounts may authenticate to the assets in each tier. For example, Tier 0 contains the absolutely mission-critical assets; Tier 1 contains any servers that do not fall into Tier 0; and Tier 2 contains endpoints. Each asset should only be accessible to accounts within its own tier. The idea is that if an attacker compromises a workstation in Tier 2, they cannot move laterally to Tier 0 and Tier 1 assets.
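The tier boundary described above is only useful if it is actually checked. The following is an added example, not CyberArk's code or any product's API: it holds a constructed account/asset tier inventory, and flags any logon in a few constructed log lines that crosses a tier or involves a principal missing from the inventory (the kind of account a discovery pass should have found first). The log format, host names and account names are assumptions.

```python
# Constructed inventory: which tier each asset and each account belongs to.
# Tier 0 = mission-critical, Tier 1 = other servers, Tier 2 = endpoints.
ASSET_TIER = {"dc01": 0, "scada-hist": 0, "app01": 1, "ws-eng-17": 2}
ACCOUNT_TIER = {"t0-admin": 0, "t1-admin": 1, "jdoe": 2}

# Constructed log lines in an assumed "<ts> LOGON user=... host=... result=..." format.
SAMPLE_LOG = """\
2019-03-04T08:01:02Z LOGON user=jdoe host=ws-eng-17 result=ok
2019-03-04T08:05:10Z LOGON user=t0-admin host=ws-eng-17 result=ok
2019-03-04T08:07:44Z LOGON user=jdoe host=dc01 result=fail
2019-03-04T08:09:00Z LOGON user=t1-admin host=app01 result=ok
2019-03-04T08:11:30Z LOGON user=svc-old host=scada-hist result=ok
""".splitlines()


def tier_allows(account, asset):
    """True only when the account and the asset sit in the same tier.
    Anything missing from the inventory is denied: an unknown account on a
    Tier 0 asset is exactly what a discovery pass is meant to surface."""
    a_tier = ACCOUNT_TIER.get(account)
    h_tier = ASSET_TIER.get(asset)
    return a_tier is not None and h_tier is not None and a_tier == h_tier


def parse_logon(line):
    """Parse one constructed log line into (account, asset, result)."""
    fields = dict(tok.split("=", 1) for tok in line.split()[2:])
    return fields["user"], fields["host"], fields["result"]


def find_violations(lines):
    """Return (account, asset, account_tier, asset_tier, result) for every
    logon that crosses a tier boundary or involves an unknown principal.
    Failed attempts are reported too: they show where a boundary is being
    probed even when the control held."""
    found = []
    for line in lines:
        account, asset, result = parse_logon(line)
        if not tier_allows(account, asset):
            found.append((account, asset, ACCOUNT_TIER.get(account),
                          ASSET_TIER.get(asset), result))
    return found


if __name__ == "__main__":
    for violation in find_violations(SAMPLE_LOG):
        print("tier boundary violation:", violation)
```

On the constructed log this reports three findings: a Tier 0 admin exposed on a Tier 2 workstation, a Tier 2 user probing a Tier 0 domain controller, and an account nobody inventoried reaching a Tier 0 historian.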

  4. Promote cyber hygiene best practices.

It’s one thing to have the proper tools – it’s another thing entirely to utilize those tools strategically to the organization’s best advantage. Password vaulting and management, isolation of privileged account access and limiting the number of users with administrative privileges all combine to reduce the organization’s attack surface.

Removing passwords from the hands of admins, so that they don’t have to remember passwords, write them down or save them in easily accessed documents, makes their lives easier – an operational win. Vaulting those passwords and securing credentials where they are not easily breached or stolen is a win for security. Organizations do not have to choose between the two, as long as they use the right tools in the right setting.

Read our whitepaper to learn more about the CyberArk Privileged Access Security Cyber Hygiene program, and visit www.cyberark.com to learn more about how CyberArk solutions can assist in securing Industrial Control Systems.

The post Weak Security Checks and Balances Compound Privileged Access Risks appeared first on CyberArk.

About CyberArk
CyberArk is the only security company that proactively stops the most advanced cyber threats – those that exploit insider privileges to attack the heart of the enterprise. The company has pioneered a new category of targeted security solutions to lock down privileged accounts and protect against cyber threats before attacks can escalate and do irreparable business damage. CyberArk is trusted by the world’s leading companies – including more than 40 of the Fortune 100 – to protect their highest value information assets, infrastructure and applications, while ensuring tight regulatory compliance and audit requirements.