This is unfortunately common in many organizations, and when it comes to protecting the organization from cyber attacks, it is a very bad practice. I have seen so many incidents where the IT operations team tries to find the password for the service account during a failed upgrade, patch deployment, maintenance incident or, worse still, during a major security incident. At this point, it’s already too late, with end users and the management team crying out for answers.
Since service accounts are often managed manually from cradle to grave, they are prone to errors.
Here’s an example: a powerful spreadsheet experience
I was hired once by a state-of-the-art power plant. It was relatively new and fully automated with remote controls, and they wanted me to review its cybersecurity protection and security checks.
The physical security was impressive. The security system could tell when visitors were 5 minutes away, warn in advance of what time visitors should arrive, what they would be driving and how many people were in the vehicle. If visitors arrived 1 minute before or after the prediction, they were faced with armed guards.
All physical doors had access controls, including the engine rooms. Once inside the engine rooms, each engine had its own control valves to physically alter water pressure and flow. The control valves were not secure, although the risk of tampering was low. Command and control via programmable logic controllers (PLCs) and SCADA control systems all featured the latest and greatest protection against advanced cybersecurity threats, with millions spent to prevent cybersecurity attacks.
They had built a physical and cyber fortress for themselves.
Then it happened. Sitting on the table next to the controls was a printed page. It contained all the IP addresses, usernames and passwords for each monitoring station and service account. They had not been modified for over four years and had all been installed by the manufacturer with default vendor credentials.
Anyone could have made copies of this list: visitors, former employees or even contractors.
Anyone could have taken a photo with their smartphone and launched an attack whenever they pleased. The plant would never have seen it coming.
A privileged service account with a default vendor password can make the difference between a simple perimeter breach and a cyber disaster.
Don’t be another statistic. Immediately take control of the management of your service accounts. Prioritizing this will not only save you time and money; it will also improve your cybersecurity and reduce your risk of cyber attack.