Privileged accounts are a risk for IT security. Most of us know that already – there’s just no avoiding the facts. Facts like:
45% of hackers say privileged passwords are their most coveted target
62% of breaches are the result of privileged account abuse
But while awareness is increasingly high, the same can’t be said for the average organisation’s password security. So what are the obstacles to better password management? Why does the threat remain largely unmitigated?
It’s because we know the scale of the threat in theory. But few of us really know how exposed we are to that risk.
There are privileged passwords that your organisation probably uses every single day. They give your team administrative access to operating systems, user directories, and services. You may be able to list them.
But that’s just the start.
The problem is that privileged accounts come from numerous different sources. Many are implemented out-of-the-box by default, so you’re not in control of when and how each of them is created. In practice, the more you do as an organisation – new services, new integrations, new devices – the harder it is to keep track of your varied accounts and the level of access they give.
That means there are probably huge numbers of passwords that you don’t even know about. So you’re not likely to be securing them.
When you don’t know that a privileged account exists, it’s not subjected to your standard security policies. That means:
However, it’s not just password security that’s a problem. Attackers don’t let you know when they’ve exploited a password, or send you a note about the widespread systems access they’ve just obtained.
When there’s an account you don’t even know about, a successful attack could remain undetected for weeks or months on end – with every passing day giving attackers more opportunity to steal your data, damage your reputation, and disrupt your business.
With the right help, discovering every privileged account on your Windows or UNIX/LINUX systems is quick and easy.
The Thycotic Privileged Account Discovery Tool lets you scan your entire infrastructure and get a detailed, executive-ready report on every privileged password. It’ll tell you how many passwords there are, the age of your passwords, and much more.
It’ll even tell you how many applications a service account currently runs – in other words, how powerful the account could be if an attacker got their hands on it.