IT Briefcase Exclusive Interview: Dissecting the Anatomy of a Breach
September 27, 2017
Cybersecurity is a hot topic these days, affecting more than 3.6 billion Internet users worldwide. All of these connections represent opportunities that hackers can exploit for financial gain or to steal our identities in order to access sensitive or proprietary information, both in our personal lives and at work. Unfortunately, many IT users lack a full understanding of how privileged accounts function, as well as the risks associated with their compromise and misuse. That makes them and their organizations much more vulnerable to potential monetary and reputational damage from increasingly sophisticated threats.
So what do businesses need to know in order to better protect themselves?
In this IT Briefcase exclusive interview, Joseph Carson, chief security scientist at Thycotic, explains how outside attackers or malicious insiders can exploit vulnerabilities using examples such as a compromised email account password that escalates into a full-blown breach of network security. By dissecting the make-up of a privileged account hack, it can be shown exactly how cyber criminals target their victims as well as what can be done moving forward to reduce risk and prevent abuse of critical information assets.
Q: Tell me a little bit about Thycotic. What makes Secret Server stand out from the competition?
A: Our company believes in our people. When you have passionate, intelligent thought leaders all working together, it allows for synergy and excitement. We care about solutions. As a company, our core focus is on privilege access management (PAM). All our efforts and passion are to make sure we are the most experienced and knowledgeable about what we do. As a global leader, we protect against one of the most targeted and compromised areas in the industry, and we need to be sure what we offer provides this. We ensure ease of use. There can no longer be software that takes months to install, is complicated to integrate and hard to use. Threats evolve quickly and sometimes software cannot keep up. What we do helps companies with an easy installation, ease of use, and ability to effortlessly integrate. This way, companies may advance and evolve quickly to address evolving new threats. I help with security research to ensure our knowledge and vision in the security industry is making a difference and adding value to our customers.
Q: Can you give an example of how an IT admin would use Thycotic?
A: An IT Admin can easily change hundreds of privileged account passwords quickly to ensure their environment is protected and secured, while at the same time reporting compliance to auditors. We help IT administrators spend more time on innovation, helping their business focus on the core values by eliminating the problem of protecting, securing and automating the management of passwords and privileged accounts. We help IT admins be more productive, saving time from managing passwords with an easy to install and easy to use solution, at the same time helping reduce costs.
Q: What are a few common ways that outside attackers or malicious insiders exploit vulnerabilities?
A: If we look at why many of the breaches in recent years have occurred, it comes down to three major factors that can be categorized into the Human Factor, Identities and Credentials, and Vulnerabilities. With the digital social society, we are sharing more information publicly, ultimately causing ourselves to be much more exposed to social engineering and targeted spear phishing attacks with the ultimate goal to compromise our devices for financial fraud or to steal our identities in order to access the company we are entrusted with protecting, potentially damaging your own personal data in the process. When our identities are stolen, it provides the attacker with the ease of bypassing the traditional security perimeter and existing security technologies undetected, and if that identity has access to privileged accounts, they can easily carry out malicious attacks under your name.
Q: What exactly is a privileged account hack and how do cyber criminals target their victims?
A: Many high-profile data breaches have resulted from stolen and weak passwords that initially give hackers a “foot in the door” which is exploited further by gaining access to privileged accounts. Compromised privileged accounts provide attackers with elevated permissions that enable them to move through an organization’s network and systems to steal, poison, and/or remove critical information. Because the attackers appear to be legitimate users of privileged accounts, they can carry out malicious activities for weeks or months without being detected.
A privileged account can be human or non-human; they allow IT professionals to manage applications, software, and server hardware. Privileged accounts provide administrative or specialized levels of access based on higher levels of permissions that are shared. Some types of non-human privileged accounts are application accounts used to run services requiring specific permissions. Like user accounts, privileged accounts have passwords to control access. The problem with user and privileged account passwords is that hackers have many tools to help crack these passwords. After a hacker gets access to a password-protected system, the damage can be catastrophic. Hijacking privileged accounts gives attackers the ability to access and download an organization’s most sensitive data, distribute malware, bypass existing security controls, and erase audit trails to hide their activity.
Compromising a privileged account, therefore, can be the difference between a simple network breach and a cyber catastrophe. When a single system is compromised, it is typically easier to mitigate, isolate, and eradicate the risk and restore control. When a privileged account is breached, it can lead to a major disaster. That’s because when a privileged account gets hacked, it allows the attacker to impersonate a trusted employee or system and carry out malicious activity without being detected as an intruder. Once attackers compromise a privileged account, they can typically roam at will through an IT environment to steal information and wreak havoc.
Q: What can be done, moving forward, to reduce risk and prevent abuse of critical information assets?
A: PAM can be used to improve insights into vulnerability assessments, IT network inventory scanning, virtual environment security, identity governance, and administration and behaviour analytics. By paying special attention to privileged account security, you can enhance all your cybersecurity efforts, helping to safeguard your organization in the most efficient and effective way possible.
- Educating all key stakeholders on the fundamentals of cyber security.
- Taking a people-centric approach to cyber security that prioritizes ease of use and less complexity.
- Implementing Multi-Factor Authentication for emails and all sensitive privileged accounts.
- Enabling encryption to protect user credentials and privacy.
- Automating the management and security of privileged accounts.
Q: What advice would you have for a business looking to protect themselves from a privileged account hack?
A: Protect your privileged accounts with a PAM solution that controls access, automates password rotations, and automatically discovers and protects new accounts. Do not try to do this manually, as it usually results in inconsistent results, reducing security and increasing the possibility of cyber fatigue. Implement a comprehensive PAM solution with a trusted partner to help you control access to systems and sensitive data, comply with policies and regulations, and ultimately make your company safer. Look for software solutions that automate the identification and understanding of risk to your privileged accounts, along with continuous monitoring, recording, and secure storage.
Joseph Carson is a cybersecurity professional with more than 20 years of experience in enterprise security and infrastructure. Carson is the Chief Security Scientist at Thycotic. He is an active member of the cyber security community and a Certified Information Systems Security Professional (CISSP).