Most companies have employees with privileged user accounts, which allow them to make changes to network systems or access sensitive data. These users have elevated, less restrictive access to their company's systems than general users do -- and abuse of their credentials is a major cause of data breaches. Maintaining the principle of least privilege is key to improving overall security in the enterprise and preventing these breaches.
"Obtaining a privileged user's credentials has become a prime objective for attackers, as privileged accounts are the gateway to everything else -- email, data, databases, files, system configurations and applications," says Michael Cobb, managing director of CobWeb Applications, a consultancy that helps companies better secure their data. Once hackers have access to privileged credentials, the need for them to break through firewalls or bypass intrusion prevention systems disappears.
Cobb goes over the methods hackers use to steal privileged user credentials and gain elevated rights, as well as the possibility of insider threats. He then explains the best practices for abiding by the security principle of least privilege, such as assigning privileges by roles, reducing the number of privileged user accounts and attributing shared-account information to the right user. A privileged user can be an employee such as a system administrator, help-desk support staff, HR and payroll staff or web content author.
Cobb elaborates on how privileged accounts should be monitored; for example, all access attempts and all executed changes should be logged with the time they occurred. Cloud privileges need to be defined and audited in a similar manner.
Finally, Cobb emphasizes the need for having a proper and well-documented offboarding process that includes suspending all of the ex-employee's accounts and retrieving all of the ex-employee's access tokens and IT equipment.
Watch this video to learn more about privileged user management and preventing hackers from abusing privileged accounts.