Why privileged accounts are master keys coveted by hackers

By Byron V. Acohido

SEATTLE – One big reason cyberintruders can easily roam far and wide, once they crack inside a company network, is that many organizations pay scant heed to privileged accounts.

Privileged accounts are the logons that give administrative access to any device with a microprocessor, including PCs, servers, databases and copiers.

They function, in effect, as master keys to the deepest, most sensitive parts of an organization’s digital assets.

A recent survey by Cyber-Ark Software found that 86% of large enterprise organizations either do not know or underestimate the number of privileged accounts incorporated into their networks.

However, the bad guys certainly have a good sense of where to look for privileged accounts — and how to take advantage of them.

“Hackers know that these things are built into the infrastructure and are everywhere and that organizations fail to secure them,” says Udi Mokady, CEO of Cyber-Ark. “It’s a major, and easy, attack vector.”

Cyber-Ark determined that the number of privileged accounts in an organization is typically three to four times the number of employees.

Often passwords to these accounts are widely shared and changed infrequently. Roughly half of the responding organizations in Cyber-Ark’s survey admitted to sharing passwords to privileged accounts among “approved” users.

Larger enterprises shared privileged account passwords 56% of the time, while smaller companies shared passwords 47% of the time.

Organizations large and small can shore up defenses by identifying where privileged accounts exist, monitoring them and implementing strong password policies.

“You need to make sure the only way to access privileged accounts is through very stringent security layers,” says Mokady.
