Deny hackers their privileges
Cyber criminals target admin accounts in order to gain enhanced access to an organisation’s computer systems. Businesses must up their defences to protect themselves against hacking attacks.
When trying to gain access to your company’s IT systems, hackers prefer to target accounts with privileged administrator rights. However, many businesses take a lackadaisical approach to managing the security of these accounts.
In many organisations, admin accounts outnumber ordinary user accounts by up to four times, which is more good news for hackers, who are constantly seeking to maximise the disruption they cause.
“In many organisations, these accounts are not well managed or controlled, giving hackers unfettered, unaccountable access,” says David Higgins, senior sales manager at security software firm Cyber-Ark.
Intelligence, phishing, escalation
Typically, the hacking process begins with intelligence gathering, which allows the perpetrators to send phishing emails in an attempt to gain access to admin accounts. Once a system has been infiltrated, cyber criminals will collect credentials to enable them to escalate their privileges.
This is a common method that has been used in many high-profile breaches, one of the most notable being the attack on RSA in 2011.
“If hackers are able to gain control of a privileged account,” says Higgins, “they are able to bypass most conventional security controls to access and exfiltrate data and then delete the evidence.”
Reducing your exposure
There are a number of security measures that businesses should take to make it harder for attackers to access accounts.
1. Always take the security and confidentiality of privileged accounts seriously: never share login information, and avoid keeping passwords static, which means changing them on a regular basis.
2. Put controls in place that make it more difficult for hackers to get in and access sensitive data. These controls include multi-factor authentication and continuous user monitoring.
3. Enforce a policy of least privilege, strictly ensuring that users are set up with the minimum level of access that will allow them to carry out the functions they need.