Many high-profile Twitter accounts including Bill Gates, Elon Musk, Apple, and others were hacked this week. The alleged hacker gained access to an internal Twitter admin tool, hijacked the accounts, and tweeted a cryptocurrency scam. This latest attack underscores the importance of access management and securing privileged credentials.

Twitter Support acknowledged the “coordinated social engineering attack” to gain “access to internal systems and tools.” Twitter says it took “significant steps to limit access to internal systems and tools” as the breach is investigated. It is also “looking into what other malicious activity they may have conducted or information they may have accessed.”

This incident highlights an issue that many companies struggle with: who should have access to certain types of resources and data, and who should be able to modify them? Access management is a classic use case for privileged access management (PAM) software. It is one of the reasons PAM remains a top security project for IT leaders.

If you look at the Twitter hack, it’s not unexpected that they have an internal tool that allows employees to access accounts or suspend them. Companies need to access user accounts and data when a customer has questions or issues, or violates codes of conduct. But who accesses and modifies the information, and how, needs to be tightly controlled and managed to maintain security and compliance. Luckily, this can be done through privileged access strategies, a zero-trust security model, and PAM software.

Improving Access Management

Companies need to minimize the number of people with elevated privileges, introduce dual control over critical access and automate network access for users with elevated privileges. This includes rotating credentials often and ensuring user access without revealing passwords. If the user doesn’t know the password or only has a one-time credential, they cannot move laterally through a company’s network.

Companies should also maintain the principle of least privilege, which restricts access rights for users, accounts, and computers/applications to only those resources/permissions required to perform their job effectively. They should also routinely review access lists to important admin tools and data.

PAM solutions like XTAM provide the tools companies need for secure access management. For example, XTAM puts elevated/privileged credentials inside a secure vault or repository. The user must go through XTAM and be authenticated to access the required resources. XTAM then logs, records, and monitors each session. Credentials and passwords are reset after each use for the highest level of security.
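The controls described above (dual control over critical access, a one-time credential, a reset after each use, and a log of every action) can be modeled in a short sketch. This is an added example, not XTAM code or its API; the `PrivilegedVault` class, its method names, and the two-approver threshold are hypothetical.

```python
import secrets

class PrivilegedVault:
    """Toy in-memory vault (hypothetical, not a real product API)."""

    def __init__(self, approvers_required=2):
        self.approvers_required = approvers_required
        self._secrets = {}   # account -> current credential
        self._requests = {}  # request id -> pending request
        self.audit = []      # ordered (who, action, account) records

    def enroll(self, account):
        # The vault generates the credential; no human ever chooses it.
        self._secrets[account] = secrets.token_urlsafe(24)

    def request(self, user, account):
        rid = secrets.token_hex(8)
        self._requests[rid] = {"user": user, "account": account, "approvals": set()}
        self.audit.append((user, "request", account))
        return rid

    def approve(self, rid, approver):
        req = self._requests[rid]
        if approver == req["user"]:
            raise PermissionError("requester cannot approve their own request")
        req["approvals"].add(approver)  # a set, so repeat approvals count once
        self.audit.append((approver, "approve", req["account"]))

    def checkout(self, rid, user):
        req = self._requests[rid]
        if user != req["user"] or len(req["approvals"]) < self.approvers_required:
            self.audit.append((user, "denied", req["account"]))
            raise PermissionError("dual control not satisfied")
        self.audit.append((user, "checkout", req["account"]))
        return self._secrets[req["account"]]  # valid only until check-in

    def checkin(self, rid):
        req = self._requests.pop(rid)
        # Rotate after use: the credential handed out is now worthless.
        self._secrets[req["account"]] = secrets.token_urlsafe(24)
        self.audit.append((req["user"], "checkin+rotate", req["account"]))

    def verify(self, account, candidate):
        # Constant-time comparison of a presented credential.
        return secrets.compare_digest(self._secrets[account], candidate)
```

A credential captured during a session fails `verify` as soon as `checkin` runs, and the audit list shows who requested, approved, and used each account.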

With XTAM you can create role-based access controls that allow IT to grant and monitor access based on a user’s activity just for the duration of this activity. Reporting and alerts are used to notify IT of suspicious activities and determine the who, what, where, and when.

With better access management policies in place, many companies can reduce the impact of breaches such as what Twitter experienced.  Implementing PAM for access management does not need to be complicated or expensive.  XTAM is an affordable, modern PAM solution that is easy to implement and maintain.  Download a free trial today.

Mark Klinchin

I am Co-Founder and CEO of Xton Technologies. I am interested in computers, software development, cyber security, content management, photography, image processing and mathematics.

Copyright © 2020 Xton Technologies, LLC. All rights reserved.