Almost all cyber security breaches can be traced back to an attacker stealing an admin account or credentials. These accounts are often targeted because they are entry points for collecting valuable information.
As government organisations become increasingly dependent on digital technology, hackers are sharpening their tools to target specific users. While it is not possible to secure every user account, government agencies must take steps to reduce risks, especially for critical accounts.
1. What is Privileged Access?
Privileged Accounts are those with special access above that of a standard user, and are needed for administrators, applications, or devices to access a system. These accounts are important in day-to-day operations, but the responsibility and exposure make privileged access more of a liability if it is not managed safely.
These critical access points can be compromised or abused by actors both within and outside an organisation. While external threats may be malicious, internal threats are often from people who are unknowingly hooked through targeted attacks, like phishing emails.
If an account that provides elevated and privileged permissions to sensitive assets is compromised, it could result in significant damage to an organisation. This damage includes theft, data corruption or loss, and disruption in operations.
2. Why is Privileged Access Security important?
Privileged Access Security is both a defensive and offensive strategy in maintaining cyber security. Hackers often use these accounts to get in and stay in the network, and they are often hard to detect because their activity looks like a normal user or service logging on.
A recent industry report from CyberArk noted that it takes more than 150 days to detect an attack, about 40 days to contain it, and another 43 days before the threat is fully resolved. The protracted time could have serious repercussions for an organisation in terms of data loss and corruption.
Having a set of Privileged Access Security tools reduces the noise when it comes to monitoring suspicious activities on these accounts. This means data breaches can be stopped before they happen, and when a cyber attack does happen, it can be shut down quickly without affecting operations.
3. How does it affect government?
Government agencies hold sensitive information that, if exposed, could undermine national security. It ranges from personal records to high-level intelligence findings. Ministries are frequent targets in today’s advanced attacks launched by state-sponsored organisations, cyber criminals, and even terrorist groups.
A single user who is a weak link may lead to entire systems being compromised. While it is not possible to build a virtual wall around each user in the public service, it is possible to secure the access of privileged users.
4. How do you go about doing it?
In setting up a plan for privileged account security, organisations must first identify which user accounts are most at risk. Next, each user should be given the minimum access needed to perform his/her function. And finally, a balanced approach is needed in enabling and restricting access.
Detective controls can often help in getting the balance right between protecting accounts and the ease of use in daily work. In some cases, a less restrictive approach with increased monitoring could be better than putting up multiple barriers to entry.
Regardless of the approach, security teams must continuously update progress, priorities, and opportunities to secure privileged access.
Humans are the first line of defence when it comes to preventing cyber attacks. But there are also technological tools available to complement training and vigilance. “Privileged Access Management can help secure, control, manage, and monitor privileged access to critical assets, and restrict such access quickly when an attack happens, while making sure other users are able to continue as usual,” says Teck Wee Lim, ASEAN Regional Director of CyberArk.
For more information, download ‘Privileged Access Security for Dummies.’