Fake it til you make it: hackers finding success hiding behind real IT credentials
by Elizabeth Hulsey •
How important is it to protect people from themselves?
That’s a question on the minds of most chief security officers and CIOs entering 2016, following a year of massive data breaches, many of which were tied to misuse of privileged accounts or lack of adequate security measures around privileged users.
Other hallmarks of hacking such as persistence and innovation are very much evident, both traits used to prey on privileged users to grant cyber criminals access to IT systems that otherwise might be tough to crack. These can include targeted phishing attacks, seeking out the credentials of external third parties such as vendors, or obtaining passwords or account information that’s been mistakenly shared beyond the intended user.
These are some of the scenarios which can create “fake users”—those with real IT access credentials but that are not legitimate employees or other verified users.
Bomgar’s Joe Schorr is quoted in CIO discussing how difficult it can be for businesses to prevent hackers from accessing anything they want, once they enter the IT system undetected:
“Once they get in, they’re in, virtually walking around and discovering lots of new, interesting and cool stuff that they can get their claws into. They can pretty much take whatever they want once they’re inside,” Schorr said.
Schorr also warned that businesses aren’t going far enough to stop hackers from targeting their IT systems.
"They keep going until they find something or someone or somewhere they can get in,” he said.
So what can CIOs do to mitigate this risk? A good place to start is with a privileged access solution, and Bomgar’s got a checklist to help walk you through that process. As the New Year kicks into high gear, CIOs should make sure they’ve got the right solutions and processes in place to keep their critical systems safe from cyber criminals.
Elizabeth Hulsey is the Public Relations Specialist at Bomgar