Each year, BeyondTrust conducts a survey to identify trends in the privileged account management market. The survey explores how organizations view the risk from privileged account misuse (malicious or inadvertent), as well as trends in addressing and mitigating the risks. Over 700 information technology professionals participated in the 2015 survey, representing organizations in retail, government, education, manufacturing and technology markets.
Privileged account management was particularly important to organizations participating in the survey this year. You don’t have to look much further than the Sony breach and other recent data breaches to understand why. Data from the 2014 Verizon Data Breach Investigations Report supports this, identifying the use of stolen credentials as the most prevalent attack vector. From an adversary’s standpoint, stolen credentials are the perfect vehicle for executing an attack. They provide access to an organization’s sensitive data and a means to move undetected within the corporate network. If the credential’s owner is an executive, system administrator, or other user with elevated privileges, the attacker can access almost any system or data in the organization – or install malicious software to advance the attack.
However, stolen credentials are not the only risk from elevated privileges. Malicious insiders may use their privileges to access, share or steal sensitive data. Inadvertent abuse is also a concern. Employees with elevated privileges may access sensitive data out of curiosity, move data to unauthorized cloud storage for use off-network, or install unauthorized software such as file sharing applications that put data at risk.
User and account management is information security at its most basic level. The concept of “least privilege” states that users should have the lowest level of access privileges required to effectively conduct their jobs. However, many basic operating system, management, application, and software functions (e.g., configuration utilities) require more than basic privileges. Traditionally, these functions require end users to possess elevated privileges in the form of an administrative username and password. Best practices provide users with unfettered access to the data and programs required for their jobs, while preventing other actions that might introduce risk to the organization.