November 12, 2015 By Douglas Bonderud 3 min read

Privileged accounts represent a paradox for IT professionals: While high-level access is required for specific users to complete business-critical tasks and many take pride in earning this level of access, their login credentials make tempting targets for attackers looking to infiltrate corporate networks.

According to Threatpost, which was reporting on a recent CyberArk study, 88 percent of networks are at risk of being compromised through stolen and reused account information. Can companies find a solution that doesn’t impact performance and limits the risk of credential-based attacks?

Rising Concern

As noted by Channel Insider, 61 percent of CyberArk survey respondents said that privileged account takeover “was the most difficult stage of an attack to mitigate” — up a full 15 percent from 2014. Stolen accounts also ranked at the top of companies’ security concerns, with 38 percent listing them ahead of other threats like phishing (27 percent) and malware (23 percent).

Even more worrisome? Despite increasing awareness of the risks associated with privileged accounts, many companies remain overconfident in their ability to detect an attack “within days” of attackers breaching their network.

So what’s the real risk of a hacked admin account? Are the consequences so dire? Short answer: absolutely. The survey found that 40 percent of Windows hosts could lead to “complete compromise” if hacked, and that many of these hosts were “high risk,” meaning they can access more than 80 percent of the networks’ other credentials. If high-level account data is stolen and the theft goes undetected, cybercriminals can often use that information to compromise all Windows hosts on a system, effectively granting them unfettered access.

Risk Factors

If privileged accounts cause such problems for IT professionals, why not simply lock down the system altogether? Pursuing this avenue, however, leads to multiple problems. First is pushback from employees who believe they’ve earned the ability to access corporate data even if it’s not directly related to their work.

In addition, this kind of lockdown causes an IT bottleneck, with users constantly running into password bulwarks and unable to access data they need to complete assigned tasks. And when the role of IT shifts to password gatekeepers, other technology infrastructure suffers for lack of time. Simply put, the hit to performance isn’t worth the effort of eliminating privilege altogether.

A recent Blouin News article, however, suggested that the current model of admin account management — which sees IT and account holders equally responsible for securing access — isn’t working out. Fewer than half of those asked in a recent Dell survey said they logged the use of admin credentials, while just 26 percent of account holders changed their password on a monthly basis. Placing blame is also problematic: CyberArk found that 48 percent of respondents called out poor employee security habits while 29 percent argued that hacks were simply too sophisticated to counter.

The Role of IT Professionals

Some users need high-level access — CISOs, security professionals and project managers come to mind — but every account with raised permissions is another potential access point for cybercriminals looking to compromise corporate networks. And with companies overestimating their ability to catch cybercriminals in the act, a new strategy is required — one that builds security from the bottom up rather than trying to secure accounts from the top down.

Ideally, that strategy takes the form of role-based management that ties high-level oversight to high-value access. If IT professionals know when and where these credentials are used, it becomes a much simpler task to detect odd behavior or lock accounts.
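To make that oversight concrete, here is an added example (not code from the article) of checking logged privileged logons against the hosts and hours a role is approved for, and flagging one credential spreading across many hosts. The roles, accounts, host names and log lines are constructed for illustration.

```python
# Added example: role-based review of privileged logon records.
# A privileged account is tied to one role; a role is approved for a bounded
# set of hosts and a working-hours window. Anything outside that envelope,
# or one credential touching many hosts, is surfaced for review.
from collections import defaultdict
from datetime import datetime

# Hypothetical roles: approved hosts and working hours (24h clock, [start, end)).
ROLES = {
    "domain-admin": {"hosts": {"dc01", "dc02"}, "hours": (7, 19)},
    "db-admin": {"hosts": {"sql01", "sql02"}, "hours": (7, 19)},
}
# Hypothetical privileged accounts and the role each one holds.
ACCOUNTS = {"alice.adm": "domain-admin", "bob.adm": "db-admin"}

# Constructed sample logon records: "<ISO timestamp> <account> <host>".
SAMPLE_LOGONS = [
    "2015-11-12T08:15:00 alice.adm dc01",
    "2015-11-12T09:40:00 bob.adm sql01",
    "2015-11-12T23:05:00 bob.adm sql02",        # approved host, off-hours
    "2015-11-12T10:02:00 bob.adm fileserv03",   # host outside the role's scope
    "2015-11-12T10:05:00 bob.adm wks-117",
    "2015-11-12T10:09:00 bob.adm wks-204",
]

def parse_logon(line):
    """Split one record into (timestamp, account, host)."""
    ts, account, host = line.split()
    return datetime.fromisoformat(ts), account, host

def review_logons(lines, spread_limit=2):
    """Return (account, host, reason) findings for records outside policy."""
    findings = []
    hosts_seen = defaultdict(set)
    for line in lines:
        ts, account, host = parse_logon(line)
        role = ACCOUNTS.get(account)
        if role is None:
            findings.append((account, host, "unknown privileged account"))
            continue
        policy = ROLES[role]
        if host not in policy["hosts"]:
            findings.append((account, host, "host outside role scope"))
        start, end = policy["hours"]
        if not start <= ts.hour < end:
            findings.append((account, host, "logon outside working hours"))
        hosts_seen[account].add(host)
    # One credential used on more hosts than its role needs suggests reuse.
    for account, hosts in hosts_seen.items():
        if len(hosts) > spread_limit:
            findings.append((account, ",".join(sorted(hosts)), "credential used across many hosts"))
    return findings
```

Run against the sample records, the two in-scope logons produce nothing, while bob.adm's off-hours and out-of-scope logons, plus his spread across five hosts, each produce a finding.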

Bottom line? It’s not worth playing the blame game or fighting with users to trim down their permissions bit by bit. With almost 90 percent of networks at risk, IT professionals are best served with investment in oversight — what happens on the network must be readily apparent to those tasked with managing IT risk.
