Page 6 - index
P. 6
RESEARCH, ANALYSIS & TRENDS
Sensitive credentials are
the keys to large amounts
of critical data, according
to hackers
spondents said they had never seen this, meaning 94%
“In today’s cybersecurity arena, the notion of using a find privileged credentials in unprotected files at least
traditional perimeter firewall as your primary line of de- some of the time. In fact, 50% of hackers said this is
fense is no longer the impenetrable wall it used to be, the case either “all of the time” (20%) or “most of the
as hackers and malicious actors consistently find ways time” (30%) when they get their foot into the door of a
to sneak past the first trusted layer of defense”, states network and start looking around.
Thycotic, a provider of smart and effective privileged
account management solutions. Rather, it even seems The dangers here are immeasurable, as privileged ac-
that the more security solutions and tools are deployed, count credentials essentially serve as the keys to un-
the more vulnerabilities are introduced that can lead to lock virtually any part of the network, including mission
network penetration, the company claims.
critical data sources. The survey revealed that 45% of
the hacker community identified privileged credentials
Moreover, the combination of BYOD, distributed net-
works, mismanaged user access, and the sheer volume
of external attacks have created a complex series of
threat vectors that require unique defense-in-depth
strategies, starting with inside the perimeter at the core
of the infrastructure and working outward from there.
"Perhaps not surprising to those in the cybersecurity
industry, it is apparent that for all the new defensive so-
lutions that have been introduced, we still haven't
cracked the code on how best to protect mission-critical
data and company secrets. In fact, in some cases, we're
only adding additional layers of complexity which pro-
vide attackers more attack vectors to use to break in,"
said Nathan Wenzler, senior technology evangelist at
Thycotic.
as their favorite target, while only 33% chose end user
In an effort to learn more about the methods, by which credentials as the easiest way to get what they are af-
hackers are able to successfully break into and compro- ter.
mise enterprise networks, Thycotic sponsored an official
poll at the conference venue in Las Vegas at Black Hat Other key findings from the survey include that:
USA 2015, on August 5th that has been conducted live.
The company secured 201 responses from both self-
identified white hat and black hat hackers, and the re- 9 out of 10 respondents said it is as easy - or even
sults documented herein reveal some of the methods easier - to compromise privileged account creden-
tials now than it was two years ago
they use to infiltrate networks, and demonstrate the fo-
cus with which they target privileged account creden-
tials. Healthcare organizations were indicated (29%) to be
Interestingly, the survey revealed that a majority (75%) the primary target for breach vulnerability, followed
of hackers have not seen a fundamental change in the by financial services companies (25%) and govern-
level of difficulty in compromising privileged account ment organizations (24%).
credentials, despite an overall increase in IT security
spending over the past two years. It is clear from the data exposed end-user credentials
still pose a major risk because they are often the first
Among other topics, Thycotic asked hackers how often target utilized in the attack chain to gain entry-level ac-
they come across privileged account credentials – argu- cess into the network. Using this as a foothold in the
ably the most important source of access to a network – network, attackers then leverage a myriad of methods
in unprotected files like spreadsheets. Only 6% of re- to elevate the privileges of those end-user accounts or
compromise existing privileged accounts in order to
6 Asian eMarketing August 2015: Security
6
