Many high-profile Twitter accounts including Bill Gates, Elon Musk, Apple, and others were hacked this week. The alleged hacker gained access to an internal Twitter admin tool, hijacked the accounts, and tweeted a cryptocurrency scam. This latest attack underscores the importance of access management and securing privileged credentials.
Twitter Support acknowledged the “coordinated social engineering attack” to gain “access to internal systems and tools.” Twitter says it took “significant steps to limit access to internal systems and tools” as the breach is investigated. It is also “looking into what other malicious activity they may have conducted or information they may have accessed.”
This incident highlights an issue that many companies struggle with – who should have access to certain types of resources and data, and who should be able to modify them? Access management is a classic use case for privileged access management (PAM) software. It is one of the reasons PAM remains a top security project for IT leaders.
If you look at the Twitter hack, it’s not unexpected that they have an internal tool that allows employees to access accounts or suspend them. Companies need to access user accounts and data when a customer has questions or issues, or violates a code of conduct. But who accesses the information, and how it is accessed and modified, needs to be tightly controlled and managed to maintain security and compliance. Luckily, this can be done through privileged access strategies, a zero-trust security model, and PAM software.
Improving Access Management
Companies need to minimize the number of people with elevated privileges, introduce dual control over critical access and automate network access for users with elevated privileges. This includes rotating credentials often and ensuring user access without revealing passwords. If the user doesn’t know the password or only has a one-time credential, they cannot move laterally through a company’s network.
Companies should also maintain the principle of least privilege, which restricts access rights for users, accounts, and computers/applications to only those resources and permissions required to perform their job effectively. They should also routinely review access lists for important admin tools and data.
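The controls in this section (a short privileged list, dual control, one-time credentials scoped to a single resource, and an audit trail) are shown here as an added example; it is not code from the original article or from any PAM product. The `AccessBroker` class and the user and resource names are hypothetical.

```python
import secrets
import time


class AccessBroker:
    """Toy broker: the user never sees the real password, only a one-time token."""

    def __init__(self, privileged_users, ttl_seconds=300, clock=time.time):
        self.privileged = set(privileged_users)  # keep this list short and reviewed
        self.ttl = ttl_seconds
        self.clock = clock
        self.pending = {}   # request id -> (requester, resource)
        self.tokens = {}    # one-time token -> (requester, resource, expiry)
        self.audit = []     # (time, event, actor, resource): who, what, when

    def _log(self, event, actor, resource):
        self.audit.append((self.clock(), event, actor, resource))

    def request(self, requester, resource):
        if requester not in self.privileged:
            self._log("request_denied", requester, resource)
            raise PermissionError("requester has no elevated privileges")
        request_id = secrets.token_hex(8)
        self.pending[request_id] = (requester, resource)
        self._log("requested", requester, resource)
        return request_id

    def approve(self, request_id, approver):
        requester, resource = self.pending[request_id]
        # Dual control: the approver must be a different privileged user.
        if approver not in self.privileged or approver == requester:
            self._log("approval_denied", approver, resource)
            raise PermissionError("a second privileged user must approve")
        del self.pending[request_id]
        token = secrets.token_urlsafe(24)
        self.tokens[token] = (requester, resource, self.clock() + self.ttl)
        self._log("issued", approver, resource)
        return token

    def use(self, token, resource):
        # pop() makes the token single-use: a replayed or stolen copy fails,
        # and a token issued for one resource is refused on any other.
        entry = self.tokens.pop(token, None)
        ok = entry is not None and entry[1] == resource and self.clock() <= entry[2]
        self._log("used" if ok else "use_denied", entry[0] if entry else "unknown", resource)
        return ok
```

Every denied request, denied approval, and failed use lands in `audit` alongside the successful ones, which is the record a periodic access review would read.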
PAM solutions like XTAM provide the tools companies need for secure access management. For example, XTAM puts elevated/privileged credentials inside a secure vault or repository. The user must go through XTAM and be authenticated to access the required resources. XTAM then logs, records, and monitors each session. Credentials and passwords are reset after each use for the highest level of security.
With XTAM you can create role-based access controls that allow IT to grant and monitor access based on a user’s activity just for the duration of this activity. Reporting and alerts are used to notify IT of suspicious activities and determine the who, what, where, and when.
With better access management policies in place, many companies can reduce the impact of breaches such as what Twitter experienced. Implementing PAM for access management does not need to be complicated or expensive. XTAM is an affordable, modern PAM solution that is easy to implement and maintain. Download a free trial today.