When it comes to security, humans are generally regarded as the weakest link. Each year, thousands of organisations are negatively impacted by data breaches, with studies indicating that they are increasing in frequency and cost burden.
According to the 2023 Cost of a Data Breach Report, published by IBM Security, the average cost of a data breach for a South African organisation is around R49-million, with the financial, industrial, services and healthcare sectors at the most risk.
Most cyber threats result from stolen or compromised credentials and phishing scams, followed by attacks through compromised business e-mails.
Privileged access management (PAM) is an identity security solution that helps protect organisations from cyber threats by controlling and monitoring access to privileged accounts.
Examples of privileged accounts are administrative accounts and service accounts: those used to access and manage critical resources. PAM adds a protection layer by working on the principle of least privilege – where employees have just enough access to do their jobs.
PAM solutions give organisations visibility into who uses privileged accounts and what they do while logged in. By limiting the number of users who have access to administrative functions, organisations can increase security. Additional layers of protection can be added to mitigate data breaches by threat actors.
In addition to identifying malicious activities linked to privilege abuse, a PAM solution helps organisations minimise the potential for a security breach and, in the event of a breach, helps limit its reach within the organisation’s system. It also reduces entry points and pathways for threat actors by limiting privileges for people, processes and applications, helping to protect against internal and external threats. In the event of a malware attack, a PAM solution makes it possible to remove excessive privileges to help reduce its spread.
Lodewyk de Beer, head of managed security services at Altron Security, reveals that many organisations don’t fully understand why there is a need to implement a PAM solution until a cyber breach occurs, and then they do so reactively.
“The biggest challenge with an account linked to a human – or named accounts – is that passwords are often shared or written down. Most users don’t reset their passwords regularly, compromising network security.
“Humans are inherently curious, so it’s difficult for them to avoid what is often very sophisticated clickbait to lure them into a hacker’s orbit. Access is then gained to the same systems to which the user has access.
“If this user is a system administrator, it is almost certain that administrative account credentials are cached on these systems. Hackers will find these cached credentials and use them to gain administrative access to systems.”
An even bigger challenge is service accounts, which are notoriously difficult to manage and secure. “Not only are service accounts hard to identify, but it is notoriously difficult to identify all service dependencies, or all the services that use a specific service account. This then makes it very hard to manage the credentials for service accounts, which in turn makes them very vulnerable to attacks,” says De Beer.
For hackers, the holy grail is access to an organisation’s domain controller. “Once hackers have access to the domain controller, via lateral movement across a network, they have the freedom to do anything including installing ransomware, locking or stealing data or causing damage.”
Altron Security’s Managed Security Services takes a holistic view of an organisation’s security with three guiding principles underpinning its approach: limiting privilege escalation and abuse, stopping lateral and vertical movement, and preventing credential theft.
“The most common identity security ‘blind spots’ are critical systems and protocols that don’t support multi-factor authentication (MFA); difficulties in mapping and protecting service accounts; and instances where security for privileged access is partial or even bypassed. The reality, however, is that breaches don’t only occur in obvious places but can also occur anywhere with privileged data. Any gaps in visibility and detection pose a significant risk to organisations,” explains De Beer.