To secure privileged accounts, Asian banks should first identify such accounts, advised Worrall. By having an idea of the total number of privileged accounts and what systems or apps those accounts control, banks could then develop an effective risk plan.
Next, the credentials of those accounts should be stored in a vault that is accessible only to authorised users and is able to secure, manage and track the use of privileged credentials anywhere. The credentials to be secured should not be limited to passwords, but should also include Secure Shell (SSH) keys, asserted Worrall. SSH keys are often created by IT professionals to get direct, root access to critical systems without involving passwords. However, because they are commonly used to automate application-to-application authentication, SSH keys are usually forgotten after being created and distributed. Since cyber criminals could exploit this vulnerability to gain privileged access to critical systems, there is a need for banks to think about securing their SSH keys.
Finally, Asian banks should deploy security solutions that offer behaviour-based detection instead of rule-based detection. "Such solutions use behavioural analytics to continuously learn the administrator/user behavior and adjust risk assessments based on the authorised privileged user activity patterns. By detecting a range of anomalies in the behavior patterns of individual privileged users in real-time, banks will be able to identify in-progress external attacks and malicious behavior of authorised insiders. Banks could thus stop an attack in progress, ensuring a less costly and time-consuming remediation process," explained Worrall.
"The most damaging attacks occur when privileged credentials are stolen, as it gives the attacker the same level of access as the internal people managing the systems and puts the bank at the mercy of the attacker's motivation. Banks should thus expand security strategies beyond trying to stop perimeter attacks like phishing, and look at proactive and detective ways to secure their privileged accounts," concluded Worrall.
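The inventory step and the point about forgotten SSH keys can be combined into one check. The following is an added example, not code from the article or from Worrall: it fingerprints `authorized_keys` entries and flags keys that reach root, carry no restrictions, or are trusted by more than one account. Host names, account names and key blobs are constructed, and collecting the files from each host is assumed to happen elsewhere.

```python
import base64, hashlib, re
from collections import defaultdict

# [options] keytype base64-blob [comment], as laid out in an authorized_keys line
KEY_RE = re.compile(r'(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$')

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (options, keytype, fingerprint, comment) for each key line."""
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.search(line)
        if m and not line.startswith("#"):
            yield line[:m.start()].strip(), m.group(1), fingerprint(m.group(2)), m.group(3) or ""

def audit(files):
    """files maps (host, account) to authorized_keys text; returns findings per key."""
    grants = defaultdict(list)
    for (host, account), text in files.items():
        for options, _keytype, fp, comment in parse_authorized_keys(text):
            grants[fp].append((host, account, options, comment))
    findings = {}
    for fp, uses in grants.items():
        flags = []
        if any(account == "root" for _, account, _, _ in uses):
            flags.append("root-access")            # key logs in directly as root
        if any(not options for _, _, options, _ in uses):
            flags.append("unrestricted")           # no command=/from= limits on the key
        if len({(host, account) for host, account, _, _ in uses}) > 1:
            flags.append("shared-across-accounts") # one private key opens several doors
        findings[fp] = {"uses": uses, "flags": flags}
    return findings

def sample_blob(label):
    """Constructed stand-in for a public key blob; not a real key."""
    return base64.b64encode(label.encode()).decode()

SAMPLE = {  # constructed inventory: hosts, accounts and comments are made up
    ("core-db01", "root"): f"ssh-rsa {sample_blob('constructed-key-A')} batch@appsrv\n",
    ("pay-gw02", "svc_settle"): f"# app-to-app transfer\nssh-rsa {sample_blob('constructed-key-A')} batch@appsrv\n"
        f'command="/usr/local/bin/push-report",no-pty ssh-ed25519 {sample_blob("constructed-key-B")} report-job\n',
}

if __name__ == "__main__":
    for fp, info in audit(SAMPLE).items():
        print(fp, info["flags"], [(h, a) for h, a, _, _ in info["uses"]])
```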