Privileged access means that a user has special rights that not all employees have. This could be access to certain file systems, for example. A privileged account is therefore a user account with privileged access. Such accounts pose a particular threat to security, which we delve into in this article.
Privileged access in a nutshell
Privileged access is also known as extended rights: rights that grant access to particularly critical data or functions. This can be sensitive and confidential data about employees, payroll budgets or powers to approve almost anything. These rights therefore pose an increased security risk and are subject to specific requirements.
It is the responsibility of the party granting the privilege to adequately instruct the privileged user in the organisation's general guidelines to maintain the necessary level of security.
This includes the use of strong passwords and other security measures as appropriate, as privileged accounts are particularly vulnerable to misuse and cyber attacks.
Employees with privileged access, i.e. privileged accounts, can be, for example, administrators or IT support staff on the system, but also employees at management level. In short, employees with privileged access need additional rights because they manage IT infrastructure or need access to sensitive data.
Why privileged accounts are targets for hackers
When hackers and IT criminals gain access to privileged employee accounts, they gain access not only to critical data but to the entire flow of data in an organisation. It's a way for them to sneak into the system, which is why it can take a long time to detect unwanted and malicious activity. It can thus be considered an insider threat.
Privileged users are a target because they hold the key to the data that the hackers want to get their hands on.
Hackers can use different approaches, but typically they are seen to start from the bottom. Attacks start with a phishing email to an employee, giving the hacker access to his or her account. From there, they work their way up until they reach a critical level that gives them great power - for example, an administrator account. After that, there is no limit to the damage they can do. Typically, the hacker will create a secret account for themselves and follow the data flow for a long time afterwards. They can also go as far as shutting down the infrastructure completely.
According to Verizon's 2022 Data Breach Report, 82% of all security breaches and incidents are due to the human factor, i.e. personal phishing emails, human error or misuse. This is also precisely one of the reasons why privileged accounts are a target and a pathway into systems for hackers and therefore pose a security threat to organisations.
The problem with privileged accounts often arises when they are not protected separately.
What can be done to increase security around privileged accounts?
It is therefore extremely important to have a handle on the security of privileged accounts. Fortunately, there are several measures you can implement to increase security.
Limit the number of privileged accounts
It's a good idea to limit the number of privileged accounts to make it harder for hackers to access them. Also, if you have many privileged accounts, it can be difficult to keep track of who has access to what. You can maintain this restriction by having a restrictive policy for creating and closing privileged accounts.
Draft a privileged accounts policy and guidelines
Following on from the above, a specific policy or guidelines for privileged accounts can be developed, including how they are handled and used. This also includes requirements on how users authenticate when accessing this type of privileged account.
Account names
It may be useful to look at what you name the various user accounts to make it harder for hackers to identify administrator accounts. In many cases, privileged accounts are called "admin", which means that a hacker will be able to identify that it is a privileged account very quickly. Such accounts can easily be renamed to make them look like standard accounts.
Conversely, standard accounts with names related to systems or privileged rights can confuse and delay the hacker's way into the system.
Use privileged accounts only for specific purposes
It is a good idea to ensure that privileged accounts are used only for their primary purpose, including specific system-technical or administrative tasks. It is also a security measure to use dedicated devices for privileged accounts/rights only. Using them for other activities, including reading emails and browsing the Internet, increases the risk of an attack and of the system being compromised in this way.
Use multi-factor authentication for login
Multi-factor authentication at login always helps to increase security as it adds an extra layer of security to an account. It means that you have to verify your identity further, for example by using a one-time SMS code, in addition to your regular password.
In addition, it is important that multiple employees or users do not share login credentials for accounts with privileged rights.
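The account-level measures above (few privileged accounts, names that do not give the role away, multi-factor authentication, no shared credentials) can be checked against an account inventory. The following is an added example, not part of the original article; the inventory format, field names, list of telltale name parts and the limit of three privileged accounts are assumptions.

```python
# Constructed inventory; field names are assumptions made for this example.
ACCOUNTS = [
    {"name": "admin", "privileged": True, "mfa": False, "users": ["kim"]},
    {"name": "jlarsen2", "privileged": True, "mfa": True, "users": ["jonas"]},
    {"name": "svc-backup", "privileged": True, "mfa": True, "users": ["ana", "bo"]},
    {"name": "mhansen", "privileged": False, "mfa": False, "users": ["mia"]},
    {"name": "root-ops", "privileged": True, "mfa": True, "users": ["lea"]},
]

OBVIOUS_NAME_PARTS = ("admin", "root", "sysadm")  # assumed list of telltale names
MAX_PRIVILEGED = 3  # assumed limit taken from the organisation's policy


def audit_accounts(accounts, max_privileged=MAX_PRIVILEGED):
    """Return (account, finding) pairs for privileged accounts that break policy."""
    findings = []
    privileged = [a for a in accounts if a["privileged"]]
    for acct in privileged:
        name = acct["name"].lower()
        # A name containing "admin" or similar identifies the account at a glance.
        if any(part in name for part in OBVIOUS_NAME_PARTS):
            findings.append((acct["name"], "name reveals privileged role"))
        if not acct["mfa"]:
            findings.append((acct["name"], "no multi-factor authentication"))
        # More than one distinct person on an account means shared credentials.
        if len(set(acct["users"])) > 1:
            findings.append((acct["name"], "credentials shared by several users"))
    if len(privileged) > max_privileged:
        findings.append(
            ("*", f"{len(privileged)} privileged accounts exceed limit of {max_privileged}")
        )
    return findings


if __name__ == "__main__":
    for account, finding in audit_accounts(ACCOUNTS):
        print(f"{account}: {finding}")
```

Standard accounts such as `mhansen` are deliberately skipped, because the checks apply only to accounts holding privileged rights.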
Use an access control software tool
Software tools such as Privileged Account Management (PAM) can be used to automate the management of access to privileged accounts. PAM protects privileged user identities while providing infosec staff with a platform from which to monitor privileged accounts. For example, PAM can protect privileged accounts by storing login credentials in a specially protected portal - a kind of digital vault - that requires a unique type of authentication to gain access. Multi-factor authentication can also be used in PAM.
Here, however, it is important to add that privileged accounts should still be monitored to ensure they are only used for their specific purposes and tasks. It is therefore useful to keep a detailed log of privileged sessions so that infosec staff can quickly identify any abnormal activity.
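A review of such a privileged-session log might look like the following. This is an added example, not part of the original article and not the output format of any particular PAM product; the log line format, device names, action names and working hours are assumptions, and the log entries are constructed.

```python
from datetime import datetime

# Constructed sample log; assumed line format:
# ISO timestamp, account, device, action, detail
LOG = """\
2024-03-04T09:02:11 jlarsen2 paw-01 login -
2024-03-04T09:05:40 jlarsen2 paw-01 config_change firewall-rule-12
2024-03-04T09:30:02 jlarsen2 paw-01 web_browse news.example
2024-03-04T13:15:27 opsacct7 laptop-114 login -
2024-03-04T13:16:03 opsacct7 laptop-114 account_create tmpuser9
2024-03-05T02:47:55 jlarsen2 paw-01 login -
"""

DEDICATED_DEVICES = {"paw-01", "paw-02"}          # assumed admin-only workstations
NON_ADMIN_ACTIONS = {"web_browse", "email_read"}  # outside the account's purpose
WORK_HOURS = range(7, 19)                         # assumed normal hours, 07:00-18:59


def review_sessions(log_text):
    """Return (timestamp, account, reason) for every log entry that needs review."""
    alerts = []
    for line in log_text.strip().splitlines():
        parts = line.split()
        if len(parts) != 5:
            # Never drop a malformed line silently; it may hide activity.
            alerts.append(("?", "?", f"unparseable line: {line!r}"))
            continue
        ts, account, device, action, detail = parts
        when = datetime.fromisoformat(ts)
        if device not in DEDICATED_DEVICES:
            alerts.append((ts, account, f"used from non-dedicated device {device}"))
        if action in NON_ADMIN_ACTIONS:
            alerts.append((ts, account, f"non-administrative activity: {action}"))
        if action == "account_create":
            # New accounts are always reviewed, since an intruder may add one.
            alerts.append((ts, account, f"created account {detail}"))
        if action == "login" and when.hour not in WORK_HOURS:
            alerts.append((ts, account, "login outside normal hours"))
    return alerts


if __name__ == "__main__":
    for ts, account, reason in review_sessions(LOG):
        print(ts, account, reason)
```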
Do your cybersecurity awareness training
Through awareness training employees will learn about the cyber threat, which is a constant threat to all organisations. Employees learn what to look out for in terms of phishing and social engineering to avoid becoming a route for hackers into systems.
Sources
- Verizon, "2022 Data Breach Investigations Report"
Emilie Hartmann
Emilie is responsible for Moxso’s content and communications efforts, including the words you are currently reading. She is passionate about raising awareness of human risk and cybersecurity - and connecting people and tech.