Privileged Accounts, the Anomaly of Cybersecurity

By Eric Noonan • March 26, 2015

Despite the advances in security surrounding user accounts, there is still one type of account that has proven to be an anomaly in the cybersecurity world: privileged accounts. Standard user accounts at one time represented a significant issue for businesses, but over the years security technologies and business processes have evolved to become very good at automating the control and access of standard user accounts. From onboarding and termination processes to inactivity lockouts, authoritative source correlations, and role-based access permission models, businesses today are efficiently managing the end-to-end life cycle of standard user accounts.

This is a very common and natural progression for an area that is weak in cybersecurity. On the other hand, when we look at privileged accounts, which represent the most important and powerful users, we see an anomaly in the natural evolution of cybersecurity and a massive disconnect between business reality and cybersecurity.

Bloomberg Businessweek recently reported that the global cost of cybercrime is more than $400 billion. In our joint research report with CyberArk, a company dedicated to protecting high-value assets, we found that accounts with elevated privileges were involved in 100% of cybersecurity attack breaches. This has been a recurring theme, with similar findings in Verizon’s 2014 Data Breach Investigations Report. Privileged accounts are significantly undervalued in their criticality and risk to the business. This has driven the advancement of a set of security tools that specialize in privileged accounts with varied acronyms, such as Privileged User Management (PUM), Privileged Identity Management (PIM), and Privileged Account Management (PAM), to name a few. In short, these tools apply a strictly enforced set of processes around the management of privileged accounts, but implementing these tools can be difficult, as IT teams have a tendency to exhibit prejudice against anything that may add an extra step to their daily operations.

Udi Mokady, CEO of CyberArk, stated that for many larger organizations there are three to four times as many privileged accounts as there are standard user accounts. Coupled with an overabundance of data showing that attackers target privileged accounts, and with regulatory compliance mandates (e.g. PCI) requiring stringent security controls for these accounts, the question must be asked: why aren’t businesses doing more to protect them?


As one CIO from a Global Products and Services Company astutely put it,
“I can measure the importance of privilege accounts in gigabytes exfiltrated.”

Unfortunately, the solution isn’t as black and white as it may seem. Specifically, there are two types of privileged accounts that businesses find particularly difficult to secure: service accounts and local administrator accounts. Both are hard to find due to the disparate variables used to reliably identify them. Moreover, local administrators can sometimes be necessary for teams to execute their responsibilities, and likewise, service accounts are often essential to system and application integration, facilitating communication and action within a complex distributed computing environment.

What is the way forward? The standard Identity Management (IdM) solution isn’t enough. Extend your IdM solution with a Privileged Identity Management (PIM) application that brings forward identity controls to privileged accounts across your environment. Select a PIM application that meets the demands of your business. Regulations from SOX, PCI, and HIPAA to NERC-CIP all contain mandates that require stringent security controls over data, access to that data, and user accounts.

Let the identity management experts at CyberSheath help you manage all accounts with access to critical data and infrastructure. CyberSheath has partnered with CyberArk to deliver CyberArk’s best-of-breed Privileged Account Security suite with a ground-breaking toolset. In addition to knowledge of industry best practices, CyberSheath engineers can use CyberArk’s DNA tool to discover exposed accounts and the oversaturation of administrative and root account access that inevitably exists in organizations. CyberSheath engineers are experienced in reading DNA mappings and applying the findings to real-world solutions.
