by Shane Whitlatch on May 30, 2018
Not keeping privileged user accounts secure is equal to handing over the keys to the kingdom
A thief is planning to rob a museum’s visiting jewelry exhibit. He or she could acquire the blueprints for the museum and plan an escape route, hack into the museum’s network and disable the security systems, and watch the security staff for days to learn their routines. Or he/she could just steal the keys to the museum and impersonate an employee.
If given the option, any reasonable thief would choose the second option. It’s the same return for less investment. Having the keys saves a lot of work. These days, when it comes to stealing your data, cybercriminals aren’t worried about bypassing your perimeter security and firewalls because they’ve found another way in, using rather simple tactics.
The Vulnerability of Privileged Users
By posing as an insider within your network, cybercriminals get the chance to obtain your sensitive data. If you were a criminal and you could be any insider, who would you be? The wise answer is a privileged user—someone with access to a wide array of data across the business that’s necessary to perform their job and therefore doesn’t raise any red flags when accessing data.