Story image

Hackers speak: Privileged accounts best way to steal data

25 Aug 17

From the mouths of the hackers themselves, organisations’ privileged accounts are the most attractive targets for gaining access to critical data.

Those are the results from Thycotic’s 2017 Black Hat survey, which quizzed more than 250 hackers on their methods of extracting critical data.

32% of hackers said that privileged account access was the primary way to get access to critical data, while 27% said email was the easiest way.

"Given that privileged accounts are prime targets for hackers, IT professionals should consider the opinions of the hackers themselves when it comes to protecting privileged accounts," comments Thychotic’s chief security scientist, Joseph Carson.

73% of hackers also said that perimeter security methods such as firewalls and antivirus products are now irrelevant or obsolete. They no longer provide effective barriers to getting inside networks.

Threat intelligence solutions, reputation feeds and education are also the weakest forms of security protection, according to the hackers.

Instead, 32% said multifactor authentication and 32% said encryption were the biggest obstacles facing hackers today.

"In today's connected world, organisations can no longer rely only on the traditional cybersecurity perimeter controls. The new cybersecurity perimeter must incorporate an identity firewall built around employee and data using Identity and Access Management technology controls which emphasizes the protection of privileged account credentials and enhancing user passwords across the enterprise with multi-factor authentication,” Carson continues.

85% of hackers said people were the primary sources of blame for security breaches, even more than inadequate security and unpatched software.

35% said that changing passwords and remembering new ones was a major source of cybersecurity fatigue.

"With traditional perimeter security technologies considered largely irrelevant, hackers are focusing more on gaining access to privileged accounts and email passwords by exploiting human vulnerabilities allowing the hacker to gain access abusing trusted identities," Carson explains.

"More than ever, it is critical for businesses to mitigate these risks by implementing the right technologies and process to ward off unsuspecting attacks and access to sensitive data."

Last month, Thycotic conducted its first annual State of Cybersecurity Metrics Report. Out of 400 respondents, 58% of organisations scored an ‘F’ or ‘D’ grade in terms of how they measure their cybersecurity investments and performance against best practices.

One in three organisations invested in cybersecurity solutions with no way to measure effectiveness or value.

"It's really astonishing to have the results come in and see just how many people are failing at measuring the effectiveness of their cybersecurity and performance against best practices," Carson notes.

"At a time when threats are escalating and the need for quantifiable metrics are putting security teams and executives under pressure, the 2017 State of Cybersecurity Metrics Report reveals what is actually occurring so that companies can produce assurances, remedy their errors and protect their businesses,” he concludes.

How blockchain will impact NZ’s economy
Distributed ledgers and blockchain are anticipated to provide a positive uplift to New Zealand’s economy.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Human value must be put back in marketing - report
“Digital is now so widely adopted that its novelty has worn off. In their attempt to declutter, people are being more selective about which products and services they incorporate into their daily lives."
Wine firm uses AR to tell its story right on the bottle
A Central Otago wine company is using augmented reality (AR) and a ‘digital first’ strategy to change the way it builds its brand and engages with customers.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Protecting organisations against internal fraud
Most companies tend to take a basic approach that focuses on numbers and compliance, without much room for grey areas or negotiation.
Telesmart to deliver Cloud Calling for Microsoft Teams
The integration will allow Telesmart’s Cloud Calling for Microsoft Teams to natively enable external voice connectivity from within Teams collaborative workflow environment.
Jade Software & Ambit take chatbots to next level of AI
“Conversation Agents present a huge opportunity to increase customer and employee engagement in a cost-effective manner."