Privileged user accounts provide advanced access rights to critical systems and sensitive data. They are like VIP passes to a show – only the select few have them.
These accounts appeal to hackers because this access can give complete and unlimited access to your systems and data. They can then stealthily move throughout the network to compromise other systems within the breached environment.
In fact, recently Microsoft confirmed that hackers gained access to MSN, Outlook and Hotmail via a compromised user's credentials.
The Forrester Research Privileged Identity Management, Q4 2018 report estimates that 80% of data breaches involves theft of privileged credentials, such as passwords, tokens, keys and certificates.
How does PAM improve my security?
PAM or Privileged Access Management reduces the risk of these credentials being stolen. It helps organisations provide secure, privileged access to critical assets and enables them to:
- Discover privileged accounts on systems, devices and applications
- Automatically manage passwords and other credentials
- Control access to privileged accounts
- Isolate, monitor, record and audit privileged access sessions
Unfortunately, many organisations focus time and money on managing regular user accounts and underestimate the importance and risk presented by privileged accounts. Exploits of these accounts often begin with phishing schemes but they can also be via third parties’ digital access. A PWC survey found that 41% of privileged account incidents were via third-party business partners compared to 29% through current employees.