Securing privileged access is becoming increasingly difficult in an age of sophisticated targeted attacks, insider threats and a constant stream of new cyber security challenges. It is often an overlooked area of security, yet it remains an important and necessary step in the broader fight against breaches. Attackers are shifting their focus to targeting user privileges through a variety of methods, and according to a survey conducted by BeyondTrust, the abuse or misuse of privileged credentials is fast becoming the most common source of corporate data breaches.
Why is that the case and how can businesses protect themselves from the onslaught of security risks while dealing with the growing complexities associated with securing privileged access?
To shed some light on the matter, we interviewed BeyondTrust’s Chief Technology Officer, Morey Haber, who co-authored the recently released book “Privileged Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Organizations”, which highlights the importance of privilege management in today’s business environment.
The following is a full transcript of the email interview:
CSA Editor: What do you hope readers will gain by the end of the book?
Morey Haber: Privileged Attack Vectors details the risks associated with poor privilege management, the techniques that hackers and insiders leverage, and the defensive measures that organisations must adopt to protect against a breach, protect against lateral movement, and improve the ability to detect hacker activity or insider threats in order to mitigate the impact. Readers will gain an understanding by:
CSA Editor: Since a significant number of data breaches are the result of the abuse or misuse of privileged credentials, are companies putting greater emphasis on securing their endpoints and network perimeters?
Morey Haber: The simple answer is yes, but not for the reasons most people think. Companies are putting greater emphasis on securing their endpoints and network perimeters by enforcing privilege management as a security solution and not as an IT operational solution. This means removing administrator rights from end users, enforcing least-privilege policies, and removing or securing privileged access from networks outside of their perimeter. The net effect is a stronger security profile for endpoints, by natively denying the permissions and privileges that malware and ransomware require in order to infect an asset in the first place, and by preventing any beachhead from being used for lateral movement.
CSA Editor: Why are attackers refocusing on targeting user privileges? Is it due to a general lack of awareness when it comes to privileged attack vectors or a lax attitude towards privileged access?
Morey Haber: Threat actors will always target the easiest method of attacking a resource: the one with the least resistance, the highest chance of success, and the best odds of continuing their mission with minimal risk of detection. Credentials with easy-to-compromise authentication represent that lowest-hanging fruit, since people reuse, share, or do not change default passwords. This makes them an easy target once the initial compromise is successful, and threat actors can hide their activities behind legitimate users. Users are very much aware of the problem, but the expectation that they remember a unique, complex password for every resource they access is just not realistic.
CSA Editor: The majority of the respondents in BeyondTrust’s Five Deadly Sins of Privileged Access Management were based in the US. In your view, are Asian companies affected by the same kinds of struggles, concerns and shortcomings in terms of privileged access management?
Morey Haber: In my opinion, Asian companies are affected by the same struggles, concerns, and shortcomings as those in other nations around the world, based on one simple fact: the computer technology used in Asia is built on the same operating systems, applications, and databases found worldwide and, in many cases, is not even localised. While cultural attitudes toward theft and honour differ, the Internet allows threat actors to target anyone, anywhere, at any time. This makes privileged access a worldwide problem rather than a regional one, because the technology the next-generation economy has adopted is the same worldwide.
CSA Editor: Referring to the “12-step privileged access management implementation plan” in the book, do the same steps apply to small businesses and large enterprises?
Morey Haber: The 12-step privileged access management plan is an approach for all organisations, but realistically some steps can be skipped based on organisational size and the technology deployed, and even re-ordered based on an organisation’s business model. For all enterprises, the model is required and recommended for all 12 steps, but we have seen some organisations start in the middle and then revisit the early steps based on their perceived threats.