The Power And Problem Of Privilege In Cybersecurity

June 2, 2015

Tom Kemp

All identities are not created equal. There are regular users. And then there are superusers, people who wield far greater access and privilege in the organization’s IT environment.

These privileged identities are necessary—users like database administrators and sys admins do need extensive access to computers, networks and applications—but privileged identities come with risk. In addition, IT departments often give non-technical executives (e.g. VP of Sales, CEOs, CFOs, etc.) broad privilege inside corporate applications, figuring it is better to give too much freedom to upper management than get yelled at when someone can’t create a report.

These elevated permissions make privileged accounts intensely sought by hackers, who can steal far more information and do far more damage if they get their hands on a privileged identity. After all, why rob the branch bank on the corner when you can break into Fort Knox? You want to get maximum return for your effort and privileged identities provide it.

Verizon’s 2015 Data Breach Investigations Report shows that the organization’s most vulnerable point is not just any ol’ password but passwords that hold the proverbial keys to the kingdom, those privileged identities that have root, admin or read/write access privileges for critical infrastructure, apps and data.

If privileged identities are well audited and monitored, and not shared like some viral video, hackers can be discouraged and damage contained. But too often it’s quite simple for cybercriminals to get ahold of privileged identities.

Hackers used basic phishing emails to penetrate the networks of Sony Pictures in fall 2014. An investigation of the hack revealed that a number of top Sony Pictures executives, including CEO Michael Lynton, got fake Apple ID-verification emails in mid-September asking them to go to a phony Apple website to confirm their Apple ID and password. Assuming, correctly, that some of the executives were using the same ID and password at work, the hackers gained broad access and ransacked the Sony files.

Read Full Article