- When was the last time your organisation’s privileged account passwords were rotated and randomised (e.g., local or domain shared administrator accounts; users’ personal admin accounts; service, operating system, network device, database (A2DB) and application (A2A) accounts; or even SSH keys)?
- Regardless of your answer to the first question, are you confident that every privileged account is managed, and that there are no rogue accounts with old, outdated passwords?
- Anthem Health Insurance: 80 million individuals whose names, emails, phone numbers, and addresses were stolen.
- Target: 70 million individuals – compromised by a phishing attack on a third-party supplier with privileged credentials to the Target network. Malware was deployed and settled in the POS system, gaining access to payments data.
- Home Depot: 53 million individuals at a cost of $148 million to fix – another third-party vendor’s user name and password.
- JP Morgan: 76 million households and 7 million businesses – compromised through a single employee’s password.
- eBay: 145 million accounts compromised – attackers compromised a small number of employees.
- And then the infamous Sony Pictures breach – the hackers claim to have taken over 100 terabytes of data from Sony. In first quarter financials, Sony Pictures set aside $15 million for legal fees. Not to mention lost revenue from The Interview. And that’s just the beginning.
- Former employees. When an employee with privileged access leaves the company, he or she won’t just forget their old passwords. Whether leaving on a good note or not, former employees pose a threat to your organisation’s protected information.
- Outsider Threats. Static passwords present an open door for hackers to use brute force tactics to access a company network—which aids them in faster in-and-out attacks that can go unnoticed for months.
- Insider Threats. Only certain employees should have access to privileged systems and data, and it would be foolish for IT administrators to put faith in their employees to self-manage their access. The moment a password is written on a Post-It, shared with another employee or saved to a Word document, it becomes a security and compliance liability for the entire organisation.
Scott Lang, Sr. Director, Product Marketing at BeyondTrust
Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.