The tenth installment of Verizon’s annual Data Breach Investigations Report (DBIR) came out in April 2017. The DBIR does a lot for the public by providing a detailed analysis of security incidents and data breaches around the world. At first glance, the stats for 2016 look great compared to 2015.
For instance, the number of security incidents has decreased from 64,199 in 2015 to 42,068 in 2016; and this is not the only good news. The confirmed number of data breaches among all incidents has also dropped from 2,260 in 2015 to 1,935 in 2016. We were impressed at first, but then we looked closer into the details and found some disturbing facts.
Privilege misuse is highlighted in the report as one of the top threats.
Despite the fact that things are looking up for IT security—based on the stats listed—it turns out that the same could not be said about privileged access governance. In fact, the confirmed number of data breaches caused by privilege misuse actually increased from 172 in 2015 to 277 in 2016. The public, healthcare, and finance industries were the primary targets among the various victims of these breaches.
In a seemingly contradictory fashion, Verizon claims that there were only 7,743 security incidents emerging out of privilege misuse in 2016 compared to 10,490 in 2015. So to reconcile these two data points, our observation is that while organizations worldwide have managed to bring down incidents by shrinking the circle of authorized privileged users, organizations still fail to control how authorized users use their privilege.
Strangely enough, another stat in the report indicates that 81 percent of the privilege misuse breaches were carried out by an insider, which backs up the above observation. Thus, misuse of privilege apparently remains, as it has always been, one of the top ways attackers gain access to an organization’s sensitive data.
Privilege misuse could mean mishandling data or installing unapproved hardware or software. Security incidents that arise from privilege misuse are difficult to discover early on since privileged access at the hands of the malicious user—internal or external—allows the attacker to pass into an organization’s network undetected.
Organizations should also understand how a malicious user obtains privileged access in the first place. Most often, this administrative privilege abuse involves the compromise of privileged account credentials at an earlier stage. Attackers constantly target static, weak passwords that grant them elevated privileges; insiders already have all the privileges they need. To tackle such attacks, enterprises should focus on devising a judicious approach towards privileged access provisioning, control, and management.
Combating privilege misuse by enforcing tight controls over privileged access.
Managing the complete privileged access life cycle is the most effective way for enterprises to tackle privilege misuse. A privileged access management (PAM) solution lets enterprises enforce a multi-pronged strategy that involves privileged account consolidation, secure password management practices, granular access controls, and continuous monitoring of what users are doing with their authorized privileges. Loose lips sinking your organization’s ship will be a thing of the past once you’ve implemented an effective PAM solution.
A robust PAM solution enables organizations to:
- Inventory all critical administrative accounts that hold privileged access, and store them in a secure location.
- Protect and manage privileged accounts with strong password policies, regular password resets, and selective password sharing based on the principle of least privilege.
- Control the retrieval of privileged credentials by implementing granular restrictions for any user who requires administrative access to any IT resource.
- Provide privileged access only for genuine users who have passed through multiple stages of authentication, thereby associating every privileged activity with a valid user profile.
- Moderate how users, especially third-party vendors and contractors, are allowed to connect to internal resources from remote locations.
- Monitor all user activities carried out during privileged sessions—in real time—to detect any unusual or suspicious behavior.
- Maintain a complete audit record of privileged access, including who carried out what activity during which user session.
Automate your entire privileged access management routine with Password Manager Pro.
Deploy Password Manager Pro in your environment to learn how easily you can manage your privileged access points and protect your users from cyber threats, and implement automation schedules to make your job easier.