By Morey J. Haber CTO, CISO BeyondTrust
Each year, Verizon publishes their Data Breach Investigations Report (DBIR), and BeyondTrust publishes its Privileged Access Threat Report. Each report provides valuable data for information and security technology professionals around cybersecurity trends, perceptions, cyberattack methods, causes of breaches, and more. With both reports in front of us, we can make further deductions about cyberthreats, particularly the most dangerous ones—privileged threats, along with the best strategies to mitigate them. That is the focus of this blog.
Deducing the Top Privileged Threats from Available Data
In June 2019, BeyondTrust published this year’s Privileged Access Threat Report. To produce the report, we first surveyed over 1,000 IT decision-makers across a diverse set of industries throughout the U.S, EMEA, and APAC to gauge the perceived threats facing organizations and the risks of privileged attack vectors. The survey generated some noteworthy data around breaches and poor cybersecurity practices:
But what are the attack vectors that drive these opinions—and fears?
According to the 2019 Verizon Data Breach Investigation Report (DBIR), use of stolen credentials is the second most common threat activity attackers leverage to breach an environment (Figure 12 of the DBIR – Top Threat Action Varieties), just below Phishing, and stolen credentials are the leading hacking method illustrated in Figure 13 of the DBIR (Top hacking action varieties in breaches). Additionally, Figure 35 in the DBIR reveals that Privilege Misuse is by far the leading security incident pattern (out of 9 patterns total that are responsible for 98.5% of security incidents).
Stolen credentials are most often used on mail servers leading to a variety of identity-based attack vectors. Unfortunately, the actual techniques used for obtaining and applying stolen credentials are not covered in the Verizon report. But that doesn’t mean the answers are beyond our grasp.
According to the BeyondTrust report’s findings, we can conclude that well more than half of employees and vendors have been the source of a breach, and also that poor cybersecurity hygiene for credentials and passwords are the prime cause for these breaches.
Combining the Verizon and BeyondTrust data points, we can deduce the following as the top privileged attack vector techniques used and why they are an unacceptable risk for any business:
Need further validation? Forrester Research estimates that privileged credentials are implicated in 80% of data breaches. The correlation of all three reports reaffirms these conclusions.
Preventing & Mitigating Privileged Attack Vectors
Now, the question becomes – what can organizations and users do to resolve these privileged attack vectors?
To begin, consider the following universal cybersecurity best practices regarding credential and password management:
While the implementation of these concepts may seem daunting and unachievable for many organizations, these goals are practical and well within your reach—but they do require your adoption of a formal Privileged Access Management (PAM) program. PAM, implemented via a true enterprise platform, will enable you to reduce risk, mitigate the attack vectors, and reliably adhere to cybersecurity best practices.
Here’s what a successful PAM journey within an organization encompasses:
These practices ensure that credentials and passwords are robustly resistant to hacking attempts. In addition, should the credentials ever become compromised, the risk and damage from any exploit can be mitigated. Reducing the privileges of the credentials to those of a standard user makes it exceedingly difficult for a threat actor to use privileged attack vectors (stolen credentials) as a method of compromise.
Next Steps in Eradicating Privileged Threat Vectors from your Environment
The BeyondTrust Privileged Access Threat Report highlights the fears, knowledge, and security risks that information technology and security professionals deal with every day. Combining these findings with those of the Verizon DBIR and other benchmark studies provides us with further insights into the most common methods used by attackers to breach your defenses.
Stolen Credentials is the top method hackers target to freely navigate their way around an organization. Privilege Misuse is the most common pattern associated with security incidents. The privileged attack vectors responsible for stolen credentials / privilege misuse are well known, and the cybersecurity best practices to mitigate them can be consistently applied via an enterprise privileged access management solution.
The 2019 Privileged Access Threat Report does leave us with one nugget of optimism--90% of those with fully integrated PAM tools are confident in their ability to identify specific threats from employees and vendors with privileged access. How confident are you in your own organization’s PAM abilities?
Interested in more resources on continuing your PAM Journey? Check out:
Or, just contact BeyondTrust.
You have missed out some details, please try again.