How Privileged Users Become Privileged Targets for Hackers

Who are your business’ privileged users? This isn’t an idle question, but instead one of the fundamental questions of modern cybersecurity. Without knowledge of your most privileged users, hackers can (and will) exploit those accounts, and inflict devastation. 

According to a 2019 Centrify study, 74 percent of enterprises who suffered a breach noted the involvement of compromised privileged access accounts. Nothing about the period since that study’s release indicates hackers utilizing new tactics. If it isn’t broken, why fix it? 

So how do privileged users become privileged targets for cyber-threats? How can your enterprise step up in protecting these critical attack vectors? 

How Privileged Users Become Privileged Targets

1. Who, Exactly, Has Privileges? 

Let’s define some terms. A “privileged user” refers to users in your IT environment with permissions beyond the scope of the ordinary user. For example, they may possess permissions that enable them to access more sensitive data or to reconfigure the IT environment itself. Additionally, they could possibly assign new privileges to others or change workflows. 

Obviously, it doesn’t take a genius to recognize how these powers might end up causing serious damage in the wrong hands. Hackers could steal data or finances, cause IT downtime, assign themselves new privileges for long-term reconnaissance, or other nefarious acts. 

However, the problem isn’t recognizing the potential threat of privileged users, but recognizing who has those powers. Privilege escalation doesn’t just occur as part of cyber-attacks; it can just occur naturally as part of temporary workflows, new assignments, and more. Eventually, an ordinary user might become a privileged user without ever realizing it. 

Moreover, some privileged users may have unnecessary privileges; for example, the head of HR may have direct access to company finances, which bodes poorly where cybersecurity is concerned. Further, you need to consider orphaned accounts due to poor offboarding, which leaves open wounds in your perimeter. 

What can your enterprise do? Ironically, while deploying a privileged access management solution proves essential in these scenarios, you also need identity governance and administration (IGA). IGA solutions help find users with privileges, enabling IT security teams to rescind unnecessary privileges and close orphaned accounts. Additionally, privileged access management helps with the offboarding process, preventing orphaned accounts in the first place. 

2. Does Your Cybersecurity Encourage Good Decision-Making? 

If your enterprise still uses passwords, that might end up being your first problem; you need to deploy multifactor authentication immediately. 

However, passwords still end up in most multifactor authentication deployments, and if so you need to encourage your users to follow best practices. Passwords are notoriously weak and easy-to-guess or crack, and users often use repeated passwords. In other words, hackers often breeze through one layer of the authentication process, which negates its effectiveness. 

Additionally, in 2019 Centrify found 65 percent of users admit to sharing root or privileged access. This needs to stop immediately, both through solution capabilities and through consistent educational efforts. The former however comes from more efficient privileged access assignment and control/monitoring systems, which in turn come from a dedicated solution. 

Privileged Access Management solutions provide multifactor authentication and often provide password vaults to encourage stronger password behaviors. It’s an incentive built into the very protection you need. 

3. What Happens After? 

Critically, a common mistake enterprises make is to frontload their cybersecurity at the login page. Many fail to recognize the danger of not monitoring users once they pass authentication. Even the strongest multifactor authentication can fail every once in a while, and if that happens hackers can’t have free reign. If you can’t see what your privileged users do with their powers, then you might as well let hackers walk all over you. 

Thankfully, privileged access management offers tools designed to enforce more continuous authentication. These include session management and automatic session ending, which enables IT security teams to monitor privileged users after they pass authentication and look for possible compromised accounts. 

The faster you can respond to a threat, the stronger your overall cybersecurity. It really is as simple as that. 

To learn more, be sure to check out our Privileged Access Management Guide.