Why hackers love privileged accounts
Accessing privileged accounts is the hacker's number one choice of the easiest and fastest way to get access to critical data according to a new study.
Privileged account solutions specialist Thycotic carried out a survey of more than 250 hackers at 2017's Black Hat conference and found that 32 percent of respondents see privileged accounts as the best way of getting hold of sensitive data, with 27 percent preferring access to user email accounts.
Among other findings are that 73 percent of hackers believe the traditional security perimeter of firewalls and antivirus are irrelevant or obsolete. Also 85 percent blame humans for security breaches, more so than the lack of security or unpatched software.
"Given that privileged accounts are prime targets for hackers, IT professionals should consider the opinions of the hackers themselves when it comes to protecting privileged accounts," says Joseph Carson, chief security scientist at Thycotic. "In today's connected world, organizations can no longer rely only on the traditional cybersecurity perimeter controls. The new cybersecurity perimeter must incorporate an identity firewall built around employee and data using Identity and Access Management technology controls which emphasizes the protection of privileged account credentials and enhancing user passwords across the enterprise with multi-factor authentication."
More than a third of respondents to the survey (35 percent) claim remembering and changing passwords is the top source of cyber security fatigue among users. Threat Intelligence solutions are viewed as one of the least effective security protections, along with reputation feeds and education/awareness.
The measures that hackers don't like are multi-factor authentication and encryption, seen as the biggest obstacles by 38 percent and 32 percent respectively.
You can read more in the full report available from the Thycotic website and there's a summary of the findings as an infographic below.