Technology can be like old clothes. There’s a level of comfort in holding onto software you’ve been using for years. But, there’s also discomfort when you outgrow its usefulness.
Without any privileged password management controls, most long-term enterprise employees collect credentials like a janitor collects keys.
The goal of any security program is to stop or mitigate a threat. To resolve the administrative-credential security threat, you must change the administrator passwords regularly and make each password unique.
What’s trending in the cyber security industry? Identity Week sat down recently with Jonathan Sander, VP of Product Strategy at Lieberman Software and veteran cyber security expert, to discuss insider attacks, password security, and lessons learned from major data breaches.
In many of the IT shops I’ve seen, all the systems have the same administrator account name and the same basic password. And, in most of these cases, this password has not been changed since the systems were deployed.
Changing user passwords on a regular basis has long been a basic – and well known – tenet of IT security. But when it comes to password security, privileged passwords (admin, root and such) are often overlooked.
Whenever new computers and applications are deployed on a network, they can introduce unforeseen security risks. Shared and default privileged account passwords are introduced through deployment scripts, ghosted images, default appliance credentials and developer “back doors.”
However, despite the occasional outlandish blunder, most of the IT security mistakes we witness are fairly common and predictable. In our experience, here are the five most frequent information security errors that organizations make:
A destructive data breach can begin with the compromise of just one privileged account. Criminal hackers and malicious insiders can exploit an unsecured privileged account to gain the persistent, administrative access they need to anonymously extract sensitive data over an extended period of time.
Before Edward Snowden there was Terry Childs, the original poster boy for everything that can go wrong when an organization doesn’t lock down and audit access to its powerful privileged passwords – from insiders as well as outsiders.