The year of the weekly data breach

Published: 05 November 2015

Catherine Jamieson, Data Breaches

By Catherine Jamieson

As TalkTalk Reels, Why Privileged User Management Can Help Defeat the Data Thieves

The data breach has fast become the scourge of the modern enterprise. And the bad news is the cybercriminals behind such attacks are constantly adapting to make them more targeted and effective with each new campaign. All the news of late has been focused on an incident at TalkTalk which showed that teenagers were able to get very close to sensitive customer information. But perhaps of more concern is a new report in the FT claiming that the digital identities of tens of thousands of Britons are currently available for sale on the darknet, including thousands stolen from government databases. We can't say for certain how exactly they were obtained, but we can absolutely assume that in many cases the victim organisation was breached because they failed to adequately secure privileged accounts. Installing Privileged User Management technology should be on the to-do list of all CISOs given the volatility of today's threat landscape.

Data Leak, caused by fracture in data store

An obvious target

Privileged accounts are the focus of more and more targeted attacks because, if compromised, they can open a barn door through which hackers can reach an organisation's most sensitive data. IT admins' accounts not only have access to every part of your organisation but typically are subject to less scrutiny, so by compromising one, attackers can mask unusual behaviour like large file downloads.

Think your IT department is savvy enough to spot an attempted spear phishing attack on one of its accounts? Think again. Attackers will do their research to ensure email lures are incredibly convincing. It's a process made easier by virtue of the fact that sysadmins' password management can be as bad as that of a regular computer user. Weak, reused and shared credentials are not an uncommon sight. There can be a complacence in the IT department which also makes them vulnerable to wily attackers.

Although TalkTalk has yet to explain exactly how those behind the attack on its systems managed it, the latest breach is a classic example of what can happen if you don't pay enough heed to security. Twice before this year the firm was breached, with all the attendant costs of investigation, remediation and clean-up, potential industry fines, and impact on shareholder and customer perception of the brand.

Yet it's happened again. And although the ISP has clawed back some share points, its reputation among consumers has undoubtedly suffered because of its refusal to waive a punitive leaving fee for all of those wanting out. It should serve as a cautionary tale for what can happen following a serious data breach.

Locking down risk

So what's the answer? Well, locking down IT risk involves more than addressing privileged accounts. But this is a great first step to improving security. Osirium's Privileged Account Management platform automates the process of password management, creating long, random passwords which are impossible to crack in a single refresh cycle. Most importantly, these credentials are stored and managed by us, meaning they can't be socially engineered from an IT admin by an experienced hacker.

Other steps firms can take to reduce the risk of privileged account compromise include:

  • Invest in tools to gain greater visibility into admin account usage so you can tell when something abnormal is happening
  • Operate policy of least privileged access and reduce the number of privileged accounts to a bare minimum to minimise attack surface
  • Operate and enforce a dual account policy, so admins can't increase their privileges
  • Delete anonymous and shared admin accounts to improve accountability

These can help, but we'd always argue at Osirium that installing Privileged User Management is the best option, because it completely isolates the thing the bad guys want (log-in credentials) from the person they want it from (your IT admins). Job done tick.

Release Date: 
Thursday, 5 November 2015
Article Type: 
Blog Post
Catherine Jamieson