Login details for an administrator or other privileged account falling into the wrong hands can have serious consequences for a business.
But a new global security survey from Dell reveals that organizations have haphazard processes for managing administrative or other privileged accounts, making them vulnerable to security breaches.
Among the findings are that 76 percent of IT security professionals believe better control of privileged accounts would reduce the likelihood of a breach. Nearly 80 percent of respondents have a defined process for managing privileged accounts, but admit they aren't diligent about following it. In fact, almost 30 percent say they still use manual processes such as Excel or other spreadsheets to manage privileged accounts. Not only are these processes prone to error and easily compromised, they can impede quick resolution in time-critical situations.
The three most critical account management issues are listed as, default admin passwords on hardware and software not being consistently changed (37 percent), multiple admins sharing a common set of credentials (37 percent), and an inability to consistently identify individuals responsible for administrator activities (31 percent).
Although over 75 percent say they have a defined process for changing the default admin password on hardware and software as new resources are brought into the organization, only 26 percent say they change admin passwords monthly on mission critical systems and devices.
"Privileged accounts really are the 'keys to the kingdom,' which is why hackers seek them out and why we've seen so many high-profile breaches over the past few years use these critical credentials," says John Milburn, executive director and general manager, Identity and Access Management at Dell Security. "To alleviate this risk and ensure these accounts are controlled and secured, it's absolutely crucial for organizations to have a secure, auditable process to protect them. A good privileged account management strategy includes a password safe, as well as least-privileged control to protect organizational assets from breaches. Dell Security solutions cover the entire range of customer needs, including privilege safe, delegation/least-privileged access, and audit and monitoring, along with significant, integrated adjacent technologies for Active Directory bridge and multifactor authentication".
More about the report and best practices for securing privileged accounts is available on the Dell Security website.
Image Credit: Africa Studio / Shutterstock