The principle of least privilege is not merely an important principle but a critical IT security precaution these days. Every organization should practice it to lessen the chance that unauthorized access or a stolen account causes trouble for a system, especially in cloud-based apps and critical IT infrastructure. This is the highlight of a survey conducted by Centrify, a Privileged Access Management provider. The survey revealed that the use of privileged accounts (also known as admin or root access) is still not regularly regulated at many firms. With 1,000 IT leaders as participants from both the U.K. and the U.S., 74% admitted that a data breach is often caused by a privileged account.
The survey results highlight the non-usage of password managers (52%), sharing of administrator accounts across many users (65%), inefficient user account management (63%) and accessing systems without 2-factor authentication (AKA MFA, or multiple-factor authentication).
“Forrester had already estimated that privileged credential abuse was the leading attack vector, but now we have the empirical research to back it up. What’s alarming is that most organizations aren’t taking the most basic steps to reduce their risk of being breached. It’s not surprising that Forrester has found 66 percent of companies have been breached five or more times. It’s well past time to secure privileged access with a Zero Trust approach, and many organizations can significantly harden their security posture with low-hanging fruit like a password vault and MFA,” explained Centrify CEO, Tim Steinkopf.
Before end-user education can happen, IT staff need to be aware of multi-factor authentication, its importance and its advantages in securing an organization. Unfortunately, based on the study, 64% of the respondents from the U.K. are not confident in their current corporate IT security policy; in the U.S. this number is much lower, but still a bothersome 35% of the respondents.
In an age where ‘Digital Transformation’ is a big buzzword in running a business, any business for that matter, it is crucial that companies enforce the use of password managers. This lets critical system passwords be stored safely instead of relying on human memory to ‘remember’ them all or writing them on paper, which is a very insecure practice.
“Today’s environment is much different than when all privileged access was constrained to systems and resources inside the network. Privileged access now not only covers infrastructure, databases and network devices, but is extended to cloud environments, Big Data, DevOps, containers and more,” added Steinkopf.
Other data revealed by the survey also deserve discussion and review, such as:
- 72% of organizations that use container systems have no definite user account control policies.
- 68% of switches and routers are misconfigured, exposing the organizations to certain network-vulnerability attacks.
- 58% of organizations handling big data have not updated their data-handling procedures to fit the big data they hold.
- 45% of public and private cloud systems that organizations use have no strict control when it comes to admin accounts.