The Twitter hack last month demonstrates once again why managing access rights and user identities has become a critical element of cybersecurity. Hackers used stolen credentials to access the social media platform’s internal tools and commandeer the accounts of a virtual Who’s Who of politicians, celebrities and technology magnates.
The hackers managed to steal roughly $120,000 in Bitcoin, but it wasn’t the amount of the theft that raised eyebrows. It was the fact they were able to gain control of accounts belonging to President Obama, Joe Biden, Bill Gates, Jeff Bezos, Kanye West and Kim Kardashian, among many others. Although there was initial speculation that the hack was the work of a sophisticated criminal ring, two teenagers and a 22-year-old were recently charged in the case.
Authorities say the hackers used social engineering techniques, including spear-phishing attacks on select Twitter executives, to obtain network credentials. With those credentials, they were then able to use a management dashboard that gave them direct access to user accounts. Twitter has confirmed that 130 accounts were targeted.
Threats Increasing
Compromised privileged accounts are a particularly dangerous threat. These accounts provide administrator-level access to servers, security systems, network devices, databases, applications and other resources. With privileged account credentials, hackers could potentially take full control of an organization's IT infrastructure, disable its security controls, steal confidential information, commit financial fraud and disrupt operations.
Despite the obvious risks, many organizations fail to adequately manage and secure privileged account credentials. In a recent survey from Netwrix, 56 percent of IT professionals admitted that they don’t review access rights regularly, and 30 percent said they grant permissions based solely on user requests. Predictably, 38 percent of them reported that their organizations suffered a data breach in the previous 12 months.
Such threats are likely to rise now that increasing numbers of remote users require privileged permissions for their daily activities. Organizations need an identity-based approach focused on ensuring that all users, devices and applications accessing the network are properly identified and authorized.
Setting Limits
Identity governance helps create such a security model by orchestrating a variety solutions and controls that verify the identity of every user and limit access privileges. In particular, identity governance involves the coordination and management of identity and access management (IAM) and privileged access management (PAM) tools.
IAM solutions provide a framework for verifying user identities. These solutions integrate a variety of tools such as user provisioning, password management and single sign-on into a comprehensive platform.
While IAM authenticates identities, PAM creates more granular visibility, control and auditing over privileged identities and activities. PAM solutions also make it very difficult to gain unauthorized access to privileged credentials by placing them inside an isolated and secure repository. Together, IAM and PAM can be used to enforce least-privilege access principles that ensure users can only access the data and systems necessary for their jobs.
Identity governance solutions are typically deployed on top of IAM and PAM solutions. Through a user-friendly interface, administrators can define, review and enforce access policies, audit user access and map policies to compliance requirements. Integrated analytics help administrators identify risks, pinpoint the origin of the risk and suspend compromised credentials when necessary.
Poor access management has become one the most serious security vulnerabilities organizations face today. Compromised privileged accounts are particularly dangerous because they can give hackers unfettered access across the entire network. Identity governance reduces risk by allowing administrators to manage access rights and user identities. If you have any concerns about your security posture or would like assistance identifying ways to improve your identity governance, contact us today.
