Not all accounts are created equal. Those that have special privileges and access are a prime target for hackers, and companies know it. But what can they do to protect these super users?
A recent survey by Thycotic, a privileged account management (PAM) and security firm, found that most companies know they need to take extra steps to protect these high-value targets. The State of PAM Security report showed three-quarters (77%) of respondents said controlling privileged users and their credentials was a security priority for the company.
For some, this level of control wasn’t optional. Sixty percent of survey respondents said controlling these accounts was a compliance requirement for the organization.
Challenges in protecting accounts
That said, it wasn’t always easy for respondents to secure these accounts. Sixteen percent of respondents disagreed or strongly disagreed that their organizations had strong password policies that were understood and enforced by senior staff members.
And two-thirds of organizations managed privileged account credentials manually. That opens the process up to lapses that hackers could exploit.
Other shortcomings that put accounts at risk:
- 18% of respondents said they don’t always change vendor-supplied default passwords
- 30% didn’t require regular password changes or ban previously used passwords
- 13% allowed passwords to be shared between users, and
- 33% didn’t require multiple security pros to sign off on creating a privileged account.
What to do
It may not seem very democratic to have different requirements for different employees. But those who deal with the most sensitive information or the most valuable resources need to have added security layers to stay safe.
Investing in a security solution may be one option. But other best practices include:
- requiring additional or more frequent password changes for privileged users
- adding requirements for these accounts, such as longer or more complex passwords, and
- using two-factor authentication whenever possible.