When it comes to high profile attacks, the most common attack vector is the exploitation of privileged access points, a new study said.
These privileged access points usually consist of administrative or privileged accounts, application backdoors, and hardcoded or default passwords, according to information security firm Cyber-Ark labs.
In recent months, privileged access points have been a big part in the Flame attacks, and the ones against companies such as Subway and the Shamoon attack against Saudi Aramco.
Cyber criminals are well aware of the power and wide ranging access provided by these access points, which is the main reason why future attacks will also target them, said Adam Bosnian, executive vice president Americas of Cyber-Ark Software.
“Unsecured critical access points are a threat to all sensitive corporate data and systems and represent the greatest security challenge most businesses will face. Identifying all privileged access points and locking them down should be a priority for any security and compliance conscious executive,” Bosnian said.
That is where a solid defense in depth program comes into play. But before anyone can employ a defense in depth profile, they need to conduct a risk assessment to know where their access points are and then find a way to protect against those weaknesses.