According to a Cloud Security Alliance (CSA) report, data breaches, account hijacking and malicious insiders all rated as top threats for IT professionals. In addition, the report found that these attacks often occur because of a lack of scalable identity access management systems, failure to use multifactor authentication, insufficient password use and a lack of ongoing automated rotation of encrypted keys, passwords and certificates—in other words, insufficient identity, credential and access management ranked as a top vulnerability.
Preventing compromised credentials
An outside attacker with legitimate credentials becomes an insider with all of the privileges assigned to the stolen login. These types of compromised credential attacks are an enormous risk to businesses and government. Once an attacker has stolen database credentials, many organizations lack security tools to identify when the attacker has begun using these credentials to access the organization’s information systems.
Here are 3 tips for preventing compromised credentials within your organization. Share these with those who may not be as security savvy to protect data and mitigate threats in the long run:
1. Implement privileged session management
A privileged session manager acts as a credential delegate to connect users to systems without exposing the privileged credentials to individual users or their endpoints. The privileged session manager monitors and records the session activity to ensure policies are followed and to maintain forensic data. This goes hand-in-hand with monitoring user behavior analytics, which enables organizations to detect when legitimate user accounts have been compromised by external attackers or are being abused by insiders for malicious purposes.
2. Consider minimal employee privilege access
It is more secure for your business to assign users a minimal set of permissions and grant additional access as needed. As employees are promoted and change responsibilities, they will accumulate a variety of user privileges. Often these privileges are no longer required for their present position, becoming a high security risk. Losing just one set of credentials could potentially expose a variety of systems. Businesses should track which users have access to what databases and retrieve credentials when the user’s job function changes and no longer requires access to those systems.
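The access tracking described above, sketched in Python as an added example (not part of the original article or of any vendor's product): it compares each database grant with what the user's current job function requires and flags the leftovers. The role names, users, databases and grant records are constructed sample data, and review_grants is a hypothetical helper.

```python
from datetime import date

# Constructed sample data: databases each job function needs (assumed baseline).
ROLE_BASELINE = {
    "support": {"tickets_db"},
    "billing": {"tickets_db", "invoices_db"},
    "engineering": {"app_db", "staging_db"},
}

# Constructed: current job function per user and the date it took effect.
USERS = {
    "alice": ("engineering", date(2024, 3, 1)),  # moved from billing
    "bob": ("support", date(2023, 1, 15)),
}

# Constructed grant records: (user, database, privilege, granted_on).
GRANTS = [
    ("alice", "invoices_db", "SELECT", date(2022, 6, 1)),
    ("alice", "tickets_db", "SELECT", date(2022, 6, 1)),
    ("alice", "app_db", "ALL", date(2024, 3, 2)),
    ("bob", "tickets_db", "SELECT", date(2023, 1, 16)),
    ("carol", "app_db", "ALL", date(2021, 9, 9)),  # no longer in USERS
]


def review_grants(users, baseline, grants):
    """Return (user, database, privilege, reason) for every grant to revoke or review."""
    findings = []
    for user, db, priv, granted_on in grants:
        if user not in users:
            # Account with database access but no job function on record.
            findings.append((user, db, priv, "no current job function on record"))
            continue
        role, role_since = users[user]
        if db in baseline.get(role, set()):
            continue  # Access matches what the present position requires.
        if granted_on < role_since:
            reason = f"carried over from before move to {role}"
        else:
            reason = f"outside {role} baseline, needs documented exception"
        findings.append((user, db, priv, reason))
    return findings


if __name__ == "__main__":
    for finding in review_grants(USERS, ROLE_BASELINE, GRANTS):
        print(*finding, sep="\t")
```

Run on a schedule and on every job change, a review like this turns accumulated privileges into a concrete revocation list.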
3. Passwords, passwords, passwords
We know you’re cringing, but you would be shocked at how many users are selecting basic passwords such as these. Lacking proper education and policy enforcement, users will commonly select weak passwords as a matter of convenience. Passwords consisting of few characters and no numbers or special characters are highly vulnerable to credential theft via easily available hacking tools. Your business needs not only to enforce strong passwords, but also to make credential management easy for employees. A single sign-on solution with multifactor authentication is recommended as a further step for improving users’ passwords.
Hackers are gaining access to the credentials of what should be secure organizations. Bill Mann, chief product officer for Centrify, which sponsored the report mentioned above, says that they hope these findings will encourage organizations to leverage single sign-on, multi-factor authentication, mobile and Mac management, along with privileged access security and session monitoring, in order to minimize attack surfaces, thwart in-progress attacks and achieve continuous compliance.