Cyber attacks on privileged accounts have become very common, primarily because these accounts represent the gateway to a company’s most valuable data.
According to a recent Verizon Data Breach Investigations Report that focused on privileged accounts, 63 percent of all security breaches are a result of weak and/or common passwords. In addition, 53 percent of the breaches were caused by the misuse of privileged accounts.
The importance of privileged accounts is indisputable. If you want to protect your company’s most valuable data, you need to have privileged accounts. One of the main reasons an account is termed privileged is that it has access to valuable data that can be monetized. This includes protected health data, credit card numbers, social security numbers, and other information.
But this is not the only reason an account might be considered privileged.
When creating privileged accounts for your company, you have to decide which data is privileged, where it is stored, and who has access to it. The most important consideration when creating these accounts, however, is the level of control. There needs to be complete control over privileged accounts to be compliant with industry regulations.
Besides accounts with access to data that can be monetized, there are several other types of privileged accounts.
A local admin account is not a personal account. It provides administrative access to the local host and is used by IT staff to perform maintenance and set up new workstations. Typically, local admin accounts have the same password across the organization. Unfortunately, this creates a soft spot for hackers because a shared password is often used on thousands of hosts. If you are using this type of account in your company, you need to adopt a new practice.
A privileged user account gives the user privileges on one or more systems. This account has a unique and complicated password, giving it power across the network. However, it needs to be closely monitored, especially if the privileged user accounts do not belong to individual users and are shared among different admins. It is also important to always know who has access to these accounts, what data the users access, and how often they access the accounts.
The domain admin account offers privileged access to all workstations and servers in your Windows domain. It is one of the most robust and extensive accounts across a network, because it has full control over all domain controllers and the ability to modify the membership of all administrative accounts within the domain. This account should be monitored closely because if it’s breached, it can have serious ramifications on your company’s security.
An emergency account offers unprivileged users admin access to security systems in the event of an emergency. It is also referred to as a fire-call or break-glass account. While this account requires managerial approval, it is usually done through a manual process that lacks proper record keeping.
A service account is a privileged local or domain account used by an application or service to connect with an operating system. Typically, this account only has domain access if it’s needed by the application. Because it interacts with various Windows components, this account is quite complex.
The best approach to creating privileged accounts for an organization is to first perform a comprehensive audit of all privileged risks your organization faces. Then, map out the steps you need to take to put the appropriate privileged access security policy in place.
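One way to start such an audit, shown as an added example that is not part of the original article: the script checks an account inventory for the risks named for each account type above. The inventory, its field names, the `pw_fp` password fingerprint and the finding labels are all constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory; field names and values are assumptions for illustration.
# pw_fp is a fingerprint that lets equal passwords be compared without storing them.
INVENTORY = [
    {"host": "ws-001", "account": "localadmin", "type": "local_admin", "pw_fp": "fp-A"},
    {"host": "ws-002", "account": "localadmin", "type": "local_admin", "pw_fp": "fp-A"},
    {"host": "ws-003", "account": "localadmin", "type": "local_admin", "pw_fp": "fp-B"},
    {"host": "db-01", "account": "dbadmin", "type": "privileged_user",
     "users": ["alice", "bob"]},
    {"host": "fw-01", "account": "breakglass", "type": "emergency", "approval": None},
    {"host": "app-01", "account": "svc-report", "type": "service",
     "domain_access": True, "needs_domain": False},
    {"host": "dc-01", "account": "da-carol", "type": "domain_admin", "monitored": True},
]

def audit(inventory):
    """Return sorted (account, host, finding) tuples for the risks described above."""
    findings = []
    by_fingerprint = defaultdict(list)
    for rec in inventory:
        kind = rec["type"]
        if kind == "local_admin":
            by_fingerprint[rec["pw_fp"]].append(rec)
        elif kind == "privileged_user" and len(rec.get("users", [])) > 1:
            findings.append((rec["account"], rec["host"], "shared among admins"))
        elif kind == "emergency" and not rec.get("approval"):
            findings.append((rec["account"], rec["host"], "no approval record"))
        elif kind == "service" and rec.get("domain_access") and not rec.get("needs_domain"):
            findings.append((rec["account"], rec["host"], "unneeded domain access"))
        elif kind == "domain_admin" and not rec.get("monitored"):
            findings.append((rec["account"], rec["host"], "not monitored"))
    # A local admin password is a finding only when more than one host uses it.
    for recs in by_fingerprint.values():
        if len(recs) > 1:
            findings += [(r["account"], r["host"], "shared local admin password")
                         for r in recs]
    return sorted(findings)

if __name__ == "__main__":
    for account, host, finding in audit(INVENTORY):
        print(f"{host:8} {account:12} {finding}")
```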