Get Cyber Security Right in 2017: Prioritize Privilege
January 12, 2017 | Security and Risk | John Worrall
Prudent organizations understand the need to have a cyber security program in place to protect assets, but it can be difficult to determine which investments will provide the best business value when making the budget case to C-level executives. This is true whether establishing a new security program or updating an existing one.
When making security plans for 2017, consider a risk-based approach focused on the paths that attackers often take to access the most critical assets in an organization. There are plenty of industry reports and government recommendations flagging the importance of securing privileged accounts and credentials—take your pick. The role they play in advanced attacks is well documented.
Privileged accounts are the gateway to your organization’s assets
Privileged accounts give access to a wide range of assets, often with authority to make changes in settings and configurations. This makes privileged accounts the gateway to your assets. The credentials for these accounts—including cryptographic keys, passwords and hashes—are the keys to these gateways; they allow attackers who have breached the perimeter to travel horizontally and vertically throughout a network to reach and exploit their desired targets.
CyberArk research has found that, on average, 40 percent of the Windows hosts on a given network, if compromised, would provide an attacker credentials that would facilitate complete compromise of the vast majority of the other Windows hosts on that network—whether directly or through a series of compromises. Although 100 percent security of your network is not feasible, denying an intruder access to privileged credentials is a critical first step in reducing risk to your most valuable assets.
Prioritizing the security of your privileged accounts is not only a good security plan, it is also a good business plan.
Making the business case for privileged account security
Most C-level executives are not hands-on in IT, but they understand the need to protect an organization’s assets, brand and reputation. Effective cyber security is necessary because if you lose administrative control of your infrastructure, you’ve lost control of your business. Your infrastructure is no longer working for you; it’s working for the intruder.
When making the case for prioritizing privileged account security, consider the following points:
- Metrics: Establish success metrics for your cyber security program and show the progress made in improving your organization’s security posture.
  - Discover the privileged accounts on your network and identify what assets they have access to.
  - Prioritize these accounts according to the risks they represent and create a tiered plan for securing them over time.
  - Document and report progress in securing the accounts and their credentials.
- Demonstrate value: Reduce your organization’s exposure to intruders and show the value this provides to the overall cyber security program.
  - Identify the areas of greatest business impact (such as most sensitive operations, most valuable lines of business, markets with greatest growth potential, etc.).
  - Define the attack surface of these areas based on their exposure through privileged accounts.
  - Demonstrate the reduction of the attack surface through progress in securing the accounts.
Prioritize privilege now
An effective cyber security program is a must for your organization, and the best return on your investment comes from protecting the privileged accounts and credentials that intruders exploit. If you don’t do it now, you will have to do it after an intruder has breached your perimeter. Why wait?
Here are the top five reasons to prioritize privileged account security:
- Privilege is the road most traveled by attackers moving through your network.
- Privileged accounts represent the express lane to your domain controllers, giving control of the infrastructure.
- Your security systems need to be secure; securing privileged accounts protects them.
- It’s a single solution to protect against both insider threats and external attackers.
- Securing privileged accounts is the first action you will have to take following a breach.
Take the first step
Make sure you know your network better than attackers. Take inventory of your privileged accounts. CyberArk Discovery & Audit™ (DNA) is a free tool available to help organizations discover privileged accounts both on-premises and in the cloud. Use the results to assess security risks, identify accounts with local administrator rights, and identify machines vulnerable to credential theft. Prioritizing the risks lets you begin improving security right away.