Data breaches have fast become the scourge of modern enterprise. The bad news is that the cybercriminals behind such attacks are constantly adapting to make attacks more targeted and effective with each new campaign. All the news of late has been focused on an incident at TalkTalk which showed that teenagers were able to get very close to sensitive customer information. But perhaps of more concern is a report in the Financial Times claiming that the digital identities of tens of thousands of Britons are currently available for sale on the darknet, including thousands stolen from government databases.
We can’t say for certain how exactly they were obtained, but we can absolutely assume that in many cases the victim’s organisation was breached because they failed to adequately secure privileged accounts. Installing Privileged User Management technology should be on the to-do list of all CISOs given the volatility of today’s threat landscape.
An obvious target
Privileged accounts are the focus of more and more targeted attacks because, if compromised, they can open a barn door through which hackers can reach an organisation’s most sensitive data. IT admin accounts not only have access to every part of your organisation but typically are subject to less scrutiny, so by compromising one, attackers can mask unusual behaviour like large file downloads.
Think your IT department is savvy enough to spot an attempted spear phishing attack on one of its accounts? Think again. Attackers will do their research to ensure email lures are incredibly convincing. It’s a process made easier by the fact that sysadmins’ password management can be as bad as that of a regular computer user. Weak, reused and shared credentials are not an uncommon sight. There can also be complacency in the IT department, which makes it vulnerable to wily attackers.
Although TalkTalk has yet to explain exactly how those behind the attack on its systems managed it, the latest data breach is a classic example of what can happen if you don’t pay enough heed to security. Twice before 2015 the firm was breached, with all the attendant costs of investigation, remediation and clean-up, potential industry fines, and impact on shareholder and customer perception of the brand.
Yet it’s happened again. And although the ISP has clawed back some share points, its reputation among consumers has undoubtedly suffered because of its refusal to waive a punitive leaving fee for all of those wanting out. It should serve as a cautionary tale for what can happen following a serious data breach.
Locking down risk
Whilst locking down IT risk involves more than addressing privileged accounts, this is a great first step to improving security. Osirium’s PxM Platform automates the process of password management, creating long, random passwords which are impossible to crack in a single refresh cycle. Most importantly, these credentials are stored and managed by us, meaning they can’t be socially engineered out of an IT admin, even by an experienced hacker.