5 Privileged Account Management Tips from your Attackers

Who is your go-to source of advice on cyber security? Some of us turn to Google. Many of us keep up with the latest industry news. But there’s one group that knows more than anyone about the latest attacks and what makes an attacker’s life difficult: the attackers themselves.

This year is the 20th anniversary of the Black Hat conference, an event that brings together cyber security experts, industry innovators, and white and black hat hackers. Every year, Privileged Account Management (PAM) specialists Thycotic conducts a detailed survey to learn more about hacker methodologies.

Drawing on the insights of real-life attackers – we’ve put together 5 essential tips on protecting your privileged accounts.

1. Implement least privilege

Privileged accounts are a major target for attackers. 9% of Black Hat attendees would hack your password just for fun.

Typically, an attack crosses three key steps:

  1. Attacker exploits an end-user workstation
  2. Attacker compromises a privileged account
  3. Attacker gradually escalates privileges to gain widespread system access

Your first priority in protecting your estate should be implementing a rule of least privilege, where end-user workstations simply don’t touch privileged accounts unless absolutely necessary. Through better workstation configuration alone, you can dramatically reduce your level of risk.

2. Eliminate manual password processes

It’s a frightening reality that many businesses still use unencrypted, unsophisticated tools like spreadsheets and text files to store passwords. If these are compromised, an entire organisation could be exposed.

Meanwhile, with so many privileged accounts (typically three times the number of employees), attempting to manually maintain visibility is hopeless. In fact, most IT teams would be hard-pressed to list all their privileged accounts, let alone explain how each of them is used and by whom.

In password security, automation is your friend. The right technology can help you audit, inventory, and monitor all your privileged accounts at once.

3. Invest in security training

According to Symantec, phishing emails continue to be increasingly problematic to your IT security. Attackers understand an evergreen truth about security – humans tend to be the weakness in your armour.

It’s no surprise, then, that Black Hat attendees recommend a strong commitment to IT Security Awareness training – not just a simple online test but comprehensive education around what good security practice looks like.

4. Take control of your applications

Beyond securing the passwords and user accounts within your applications, hackers emphasise the importance of increasing application visibility and control.

Advanced threats often target applications or, in the case of malware and ransomware, are packaged into seemingly innocuous applications themselves. As part of your security, it’s important to implement white-boxing and sand-boxing for applications, ensuring that unknown software is never executed without the appropriate authorisation.

5. Enforce strict password policies for best practice

Finally, Black Hat 2016 attendees highlighted end-user accounts as an important step in gaining privileged account access. As a result, effective security means implementing strong password policies on user accounts as well as privileged accounts.

This should include:

  • Password rotation every 30-90 days
  • Enforced password complexity policies
  • Detailed audit logs for compliance and monitoring

Get more advice from the attackers

Thycotic is currently preparing the 2017 Black Hat Survey Report, which promises to be an illuminating look at the state of Privileged Account Management today.

Written by