While malware and ransomware continue to hit the headlines, privileged accounts remain by far the most common target for cyber crime. But none are more troublesome than service accounts.
Used by applications and systems, not people, few business leaders even know they exist – let alone how to keep them safe. And that makes closing this attack vector a serious challenge for IT teams.
To help, Thycotic have published a free eBook – Service Account Security for Dummies. It’s a straightforward, all-in-one guide to service account risks and how to eliminate them, ideal for technical and non-technical decision-makers alike.
Download your free copy now or read on to see why service accounts pose such a unique challenge.Download now
According to Thycotic’s 2019 Black Hat Survey Report, service accounts are a top target for cybercriminals. They exist under the radar and, as a result, give attackers a way to stay undetected for months, even years on end.
But why is that? Why don’t IT teams just apply the same stringent processes they would use for end-user accounts?
At the most fundamental level, it’s hard to know what’s happening with your service accounts. Across Windows, UNIX, Linux and the cloud, IT rarely keeps a consolidated, centralised list of every service account, why it exists and how it’s used.
A lack of visibility means IT teams are keen to play it safe. It’s easier to leave service accounts as they are than make changes and run the risk of breaking things. That’s why most service accounts are left with excessive privileges and access that they simply don’t need – an attacker’s dream come true.
Fear of best practice
Similarly, applying best practice opens up new risk if it’s not handled properly. Something as simple as rotating a password or decommissioning an account could break connectivity between vital systems and applications. Faced with this risk, it’s easier to look the other way.
An impossible scale
Finally, the sheer scale of the service accounts issue is overwhelming. Even if an IT team commits to the idea of finding, auditing and regularly reviewing every service account, there’s rarely time or resources to put it into practice.
Written in the familiar, easy to understand ‘For Dummies’ style, Thycotic’s new eBook is a complete guide to service accounts, written by a security professional.
Inside, you’ll get: