Five Lessons From Privileged Access Management Experts in 2019


What are five lessons from privileged access management experts in the wake of 2019 data breaches? 

Throughout 2019, enterprises learned the hard way about the necessity of privileged access management to prevent data breaches. Indeed, a 2019 survey by privileged access solution provider Centrify found that 74% of respondents whose organizations had been breached acknowledged the breach involved access to a privileged account.

However, enterprises continue to neglect their privileged access management even as the data breaches pile up. The same Centrify survey found 52% of enterprises don’t have a password vault, 65% still share root or privileged access to systems and data, and 21% still don’t use multifactor authentication for privileged administrative access. Whether this stems from neglect or ignorance, it must change.

If any of this applies to your enterprise, you need a wake-up call. Here are five lessons from privileged access management experts to help you in 2019 and beyond.  


The Quest Diagnostics Breach

We reported on the Quest Diagnostics Breach on June 4, 2019. These comments come from Dana Tamir, Vice President of Market Strategy at Silverfort.

“Today, more than ever, hackers are exploiting weak and stolen credentials to gain unauthorized access to sensitive systems and data. The best way to prevent unauthorized access is by enforcing multi-factor authentication (MFA); requiring users to authenticate with a 2nd factor (via a mobile app, smart card, one-time passwords, etc.) ensures that only authorized users can access sensitive systems. Yet most of our sensitive systems still rely on password-only authentication mechanisms, which can be easily bypassed.”
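To make the “2nd factor” concrete, here is an added example (written for this page; it is not code from the article, from Silverfort, or from any vendor quoted here) of the one-time-password flavor of MFA: an RFC 6238 TOTP verifier built on RFC 4226 HOTP. The shared secret is the RFC test secret (ASCII “12345678901234567890”) so the outputs can be checked against the published test vectors; a real deployment provisions a random per-user secret. Note two details a checklist often misses: the comparison is constant-time, and a counter that has already been accepted is never accepted again, so a code captured in transit cannot be replayed inside its 30-second window. TOTP still does not stop a real-time phishing relay; for that you need an origin-bound factor such as FIDO2/WebAuthn.

```python
import hashlib
import hmac
import struct
import time

# Assumed for the example: the RFC 4226/6238 reference test secret.
# Production code must generate a random secret per user and store it encrypted.
RFC6238_SECRET = b"12345678901234567890"
STEP = 30       # time step in seconds (RFC 6238 default)
DIGITS = 6      # code length


def hotp(secret, counter, digits=DIGITS):
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(secret, unix_time, step=STEP, digits=DIGITS):
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, int(unix_time) // step, digits)


def verify_totp(secret, candidate, unix_time, last_counter=None, skew=1):
    """Verify a submitted code for the current step and +/- `skew` neighbours.

    Returns the accepted counter (store it as the user's new `last_counter`)
    or None. Any counter at or below `last_counter` is refused, which blocks
    replay of a code the attacker observed; the HMAC comparison is constant-time.
    """
    if not (candidate.isdigit() and len(candidate) == DIGITS):
        return None
    current = int(unix_time) // STEP
    for counter in range(current - skew, current + skew + 1):
        if last_counter is not None and counter <= last_counter:
            continue  # already used: treat as replay
        if hmac.compare_digest(hotp(secret, counter), candidate):
            return counter
    return None


if __name__ == "__main__":
    now = time.time()
    code = totp(RFC6238_SECRET, now)
    print("current code:", code)
    accepted = verify_totp(RFC6238_SECRET, code, now)
    print("accepted at counter:", accepted)
    print("replay accepted?", verify_totp(RFC6238_SECRET, code, now, last_counter=accepted) is not None)
```

Run it and the first verification succeeds while the immediate replay of the same code is refused. The `last_counter` must be persisted per user (and updated atomically) for the replay check to mean anything across requests.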

The Chipotle Credential Stuffing Attack

We reported on the Chipotle Credential Stuffing Attack on April 18, 2019. Here we quote Adam Laub, SVP of Product Management at STEALTHbits Technologies.

“While password reuse across sites is what makes credential stuffing attacks so successful, credential stuffing isn’t the only weapon in an attacker’s arsenal. The use of weak, default, or stolen passwords period is enough to make an account vulnerable, especially with alternative techniques like Password Spraying. With Password Spraying, an attacker can try a small number of highly common passwords against large numbers of accounts while also staying below lockout thresholds, compromising accounts without any elevated privileges and likely without detection.

“With so little information, it’s hard to say for sure if additional techniques are in play. But the point is that just like there’s more than one way to build your burrito bowl, there’s (way) more than one way to compromise your account.”
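The spraying pattern Laub describes (a handful of passwords against many accounts, each kept under the lockout threshold) has a detection signature that is the mirror image of brute force: the failures are spread across accounts rather than piled onto one. The following added example (written for this page, not code from the article or from STEALTHbits) classifies authentication sources from a constructed log sample in a hypothetical `<timestamp> <source IP> <username> <FAIL|SUCCESS>` format. The threshold values are assumptions to be tuned to your own lockout policy, and because a real spray rotates source addresses, the same logic should also be run per target tenant with the source ignored.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (hypothetical format:
# "<ISO timestamp> <source IP> <username> <FAIL|SUCCESS>").
# 203.0.113.7  -> one failure each against many accounts, then a success (spray)
# 198.51.100.9 -> many failures against one account (classic brute force)
# 192.0.2.44   -> a user mistyping a password once, then logging in (normal)
SAMPLE_LOG = """\
2019-04-18T10:00:01 203.0.113.7 alice FAIL
2019-04-18T10:00:02 203.0.113.7 bob FAIL
2019-04-18T10:00:03 203.0.113.7 carol FAIL
2019-04-18T10:00:04 203.0.113.7 dave FAIL
2019-04-18T10:00:05 203.0.113.7 erin FAIL
2019-04-18T10:00:06 203.0.113.7 frank FAIL
2019-04-18T10:00:07 203.0.113.7 grace SUCCESS
2019-04-18T10:01:00 198.51.100.9 alice FAIL
2019-04-18T10:01:01 198.51.100.9 alice FAIL
2019-04-18T10:01:02 198.51.100.9 alice FAIL
2019-04-18T10:01:03 198.51.100.9 alice FAIL
2019-04-18T10:01:04 198.51.100.9 alice FAIL
2019-04-18T10:01:05 198.51.100.9 alice FAIL
2019-04-18T10:05:00 192.0.2.44 bob FAIL
2019-04-18T10:05:30 192.0.2.44 bob SUCCESS
"""

# Assumed policy values (not from the article); tune to your own lockout policy.
LOCKOUT_THRESHOLD = 5    # failures that lock an account
SPRAY_MIN_ACCOUNTS = 5   # distinct accounts hit from one source inside WINDOW
WINDOW = timedelta(minutes=15)


def parse_log(text):
    """Parse the constructed log format into sorted (time, ip, user, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return sorted(events)


def classify_sources(events, window=WINDOW):
    """Return {ip: {"verdict": ..., "accounts": n, "max_per_account": m}}.

    A source is a *spray* when, inside some window, it fails against many
    distinct accounts while keeping every one of them under the lockout
    threshold; it is *brute-force* when it drives any single account to the
    threshold. The most severe finding per source is kept.
    """
    rank = {"normal": 0, "spray": 1, "brute-force": 2}
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    verdicts = {}
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e[3] == "FAIL"]
        best = {"verdict": "normal", "accounts": 0, "max_per_account": 0}
        # Slide a window anchored at each failure so a burst is never split in two.
        for anchor in fails:
            in_win = [f for f in fails if anchor[0] <= f[0] < anchor[0] + window]
            per_account = defaultdict(int)
            for _, _, user, _ in in_win:
                per_account[user] += 1
            accounts, worst = len(per_account), max(per_account.values())
            if worst >= LOCKOUT_THRESHOLD:
                verdict = "brute-force"
            elif accounts >= SPRAY_MIN_ACCOUNTS:
                verdict = "spray"
            else:
                verdict = "normal"
            if rank[verdict] > rank[best["verdict"]] or (
                verdict == best["verdict"] and accounts > best["accounts"]
            ):
                best = {"verdict": verdict, "accounts": accounts, "max_per_account": worst}
        verdicts[ip] = best
    return verdicts


def suspicious_successes(events, verdicts):
    """Successful logins from a source already judged to be spraying or brute-forcing.

    These are the accounts to reset first: the attacker got in without ever
    tripping a lockout, so the lockout log alone would never have shown them.
    """
    flagged = {ip for ip, v in verdicts.items() if v["verdict"] != "normal"}
    return [(ip, user) for _, ip, user, result in events
            if result == "SUCCESS" and ip in flagged]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    verdicts = classify_sources(evs)
    for ip, v in verdicts.items():
        print(ip, v)
    print("reset these accounts:", suspicious_successes(evs, verdicts))
```

On the sample, 203.0.113.7 is reported as a spray (six accounts, at most one failure each), 198.51.100.9 as brute force (six failures on one account), and 192.0.2.44 as normal; the only success from a flagged source is grace's login from the spraying address. A per-account lockout policy would have caught the second source and missed the first, which is exactly the gap the quote points at.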

The VFEmail Incident

We reported on the VFEmail Incident on February 12, 2019. These comments come from Fausto Oliveira, Principal Security Architect at Acceptto.

“The fact that attackers were able to access and erase all the information demonstrates that the systems were not protected in an effective way. Critical systems, such as those that host customer data, must be protected with enhanced security, and all operations must be protected using intelligent Multi-Factor Authentication solutions. If those controls had been in place, an operation that deviates from trusted behavior would have raised the friction towards the attackers and provided immutable logs showing that the attack was in progress, allowing VFEmail to react quickly and potentially stop the breach before data was destroyed.”

The State Farm Credential Stuffing Attack 

We reported on the State Farm Credential Stuffing Attack on August 9, 2019. These expert opinions come from Vinay Sridhara, Chief Technical Officer at Balbix.  

“Credential stuffing attacks are becoming a frequent threat, as companies such as PCM, Sky and Dunkin’ Donuts have all learned this year. The fact is that credential stuffing attacks are just one attack vector companies must be prepared to defend against. Organizations are tasked with the cumbersome burden of continuously monitoring all assets across hundreds of potential attack vectors to detect vulnerabilities.

“This involves analyzing tens of billions of time-varying data signals, a task that is not a human-scale problem anymore. The key to thwarting future attacks like what State Farm has suffered is to leverage security tools that employ AI and ML to observe and analyze these data points in real-time and derive insights to prioritize which vulnerabilities to fix first, based on risk and business criticality. Proactively managing risk must become the new norm.”

The MoviePass Data Exposure

We reported on the MoviePass Data Exposure on August 21, 2019. Here we quote Robert Prigge, President of Jumio.

“What’s also clear is that KBA (knowledge-based authentication), which relies on the notion of shared secrets, should be heavily scrutinized as a reliable means of authentication.

“Why? Given that more and more of our supposed shared secrets are now available for pennies on the dark web, the job of the fraudster, especially those focused on account takeovers, just got a little bit easier.”

How to Learn More

Thanks to our privileged access management experts for their time and expertise! To learn more, be sure to check our 2019 Privileged Access Management Buyer’s Guide; you can also download our 2019 Identity Management Buyer’s Guide. We cover the top solution providers in both markets and their key capabilities. Also, we provide a Bottom Line analysis on each vendor. 

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.