According to Thycotic’s 2015 hacker survey, 9 in 10 white-hat and black-hat hackers find it easy to steal privileged account credentials. In fact, they find it even easier today than it was two years ago, which means that companies are either failing to keep these credentials safe or overestimating their ability to secure them.
Privileged accounts are the most favoured target for 45% of the 201 self-identified hackers because they give direct access to the most sensitive information and data companies try to secure. Their second favourite is end-user credentials (33%).
Privileged credentials in unprotected files – it’s like taking candy from a baby
Surprisingly, 94% of hackers admitted that they found privileged credentials in unprotected files such as spreadsheets either “all of the time” or “most of the time”. That’s an open invitation for hackers to help themselves: they can act undisturbed using legitimate login access and their presence might not be discovered until it’s too late.
The ripest breach targets
When asked which industry they consider to be the ripest target, 28% identified healthcare, followed by financial services (25%), government (24%), education (13%) and energy (10%). Why are they hackers’ favourite targets? Because companies in these industries collect and store massive amounts of customers’ sensitive information, such as National Insurance numbers, tax information, bank details and more.
The need for better access control and administrative privilege management
“If you don’t have good privileged account management, attackers can take your credentials and start acting like a trusted user”, said cyber security expert Dave Shackleford of IANS. Having robust access control and administrative privilege management is one of the five security controls required by Cyber Essentials.
When all five controls are in place, they could prevent around 80% of Internet-based attacks. Furthermore, companies that implement them also benefit from increased cyber security, improved business efficiency, reduced insurance premiums, better reputation among competitors, customers and shareholders, and much more.