Login details for an administrator or other privileged account falling into the wrong hands can have serious consequences for a business.
But a new global security survey from Dell reveals that organisations have haphazard processes for managing administrative or other privileged accounts, making them vulnerable to security breaches.
Among the findings are that 76 per cent of IT security professionals believe better control of privileged accounts would reduce the likelihood of a breach. Nearly 80 per cent of respondents have a defined process for managing privileged accounts, but admit they aren't diligent about following it. In fact, almost 30 per cent say they still use manual processes such as Excel or other spreadsheets to manage privileged accounts. Not only are these processes prone to error and easily compromised, they can impede quick resolution in time-critical situations.
The three most critical account management issues are listed as, default admin passwords on hardware and software not being consistently changed (37 per cent), multiple admins sharing a common set of credentials (37 per cent), and an inability to consistently identify individuals responsible for administrator activities (31 per cent).
Although over 75 per cent say they have a defined process for changing the default admin password on hardware and software as new resources are brought into the organisation, only 26 per cent say they change admin passwords monthly on mission critical systems and devices.
"Privileged accounts really are the 'keys to the kingdom,' which is why hackers seek them out and why we've seen so many high-profile breaches over the past few years use these critical credentials," says John Milburn, executive director and general manager, Identity and Access Management at Dell Security. "To alleviate this risk and ensure these accounts are controlled and secured, it's absolutely crucial for organisations to have a secure, auditable process to protect them. A good privileged account management strategy includes a password safe, as well as least-privileged control to protect organisational assets from breaches.
"Dell Security solutions cover the entire range of customer needs, including privilege safe, delegation/least-privileged access, and audit and monitoring, along with significant, integrated adjacent technologies for Active Directory bridge and multifactor authentication".
More about the report and best practices for securing privileged accounts is available on the Dell Security website.