Speaking at Black Hat MEA 2022, Vishal Thakkar (Director of Customer Success, Sectona) said that privileged access is the first doorway attackers look for when they seek entry to an organisation. That is because, by definition, privileged access provides more than just an entry point – it provides access via high-level credentials, which minimises friction for an attacker.
But while security teams do need to minimise friction for legitimate privileged users, they also want to increase friction for threat actors. And that means that privileged access is a key area of focus – to make sure you’re protecting the most precious data your organisation stores.
Modern privileged access programs are a challenge for security
Data from Verizon in 2021 found that 72% of data breaches involved the exploitation of privileged credentials. And IBM’s 2023 Cost of a Data Breach report estimated that the average cost of a data breach is USD 4.45 million – while it takes an average of 277 days to detect and contain a breach.
It’s clear that privileged access is a crucial area for protection – to minimise breaches and to reduce the extent and cost when they do happen.
But today’s privileged access programs face a widening threat landscape. They’re often built on the principle of access anywhere, so that privileged users can sign into a network on a range of devices and from any geographical location. Within that landscape there’s also a high risk of untested endpoints, and the need for minimal friction (for example, the ability to onboard new users quickly and easily) – which makes it harder to comprehensively secure the network.
How can security operations overcome these challenges?
There has to be a core focus on securing the most important data first: credentials, keys, and secrets. “Security policy must define the role that each user has in a system,” Thakkar noted, and organisations should store critical data in a central vault.
Thakkar’s team provides that centralised vault security to the organisations they work with. And Thakkar also takes a big-picture view of privileged access, identifying three top priorities:
- Secure remote access in line with the Zero Trust model
- Minimise the exposure of sensitive information such as credentials, keys, and secrets
- Govern access beyond organisations’ perimeters
Privileged access governance means that access is constantly monitored, controlled, and audited – with good visibility over all assets and identities in your IT infrastructure. When you do this, you can remove excessive privileges when they’re not needed, and reduce the risk of perpetually granted privileges – so any privileged access that a user has is granted to them for a reason.
With these priorities covered, you have a complete picture in terms of which users have access to which privileged areas of your network. You’re still able to assign privileges, but you’re monitoring and adapting those privileges in a proactive manner.
The bottom line? No user should have privileges that can’t be evaluated through security processes on a regular basis. Everything should be monitored – always.