If you weren’t at our ISSA event with Thycotic, then you definitely missed out! We had special guest and specialist Joe Carson fly in from Estonia to share his experience with us. In Joe’s presentation he told a story about pen testing work he was hired to do at a new state-of-the-art power station. He described the security controls the plant had developed for its impenetrable fortress, both physical and network. No one unauthorized was going to get in. But Joe was determined to find a vulnerability.

In the end, the plant failed testing because of a simple “user error” in security. During his time at the plant posing as a hired photographer, he found a PHYSICAL document listing IP addresses, usernames, and passwords for control stations and accounts. ANYONE could have made copies of this list: visitors, former employees, or even contractors. The passwords hadn’t been changed since the manufacturer installed the equipment! The board of directors at the plant didn’t consider this a vulnerability because the control network was air gapped. Joe staged a fake power issue near the plant, and a service call was made. The technician responding to the issue left his laptop open and logged in on the front seat of his car. While he was troubleshooting, Joe “stole”/borrowed the laptop and was able to break in.

To recap, here are 5 takeaways from Joe’s presentation:

  1. Define & discover service accounts. Every organization is different, so you need to map out which important applications and programs rely on which data, systems, and access.
  2. Manage & protect service account passwords. Proactively manage, monitor, and control service account access with password protection software.
  3. Monitor service account activity. This helps enforce proper behavior and avoid mistakes by employees and other IT users, because they know their activities are being monitored.
  4. Prepare an incident response plan in case a service account is compromised. If a service account is compromised by an outside attacker, they can install malware and even create their own service accounts or other privileged accounts.
  5. Audit & analyze service account activity. Continuously observing how service accounts are being used, through audits and reports, will help identify unusual behaviors that may indicate a breach or misuse.
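As an added example (not from Joe’s presentation and not Thycotic’s software), here is a small Python audit that ties takeaways 1, 2, 3, and 5 together: a constructed inventory of service accounts (which application owns each one, which hosts it may log on from, when its password was last set) is checked against constructed authentication log lines. It flags service accounts that are not in the inventory, interactive logons with a service account, logons from hosts outside the account’s allowed set, and passwords older than a threshold. The log format, the `svc_` naming convention for service accounts, and the 90-day password age limit are all assumptions made for this illustration.

```python
from datetime import date, datetime

# Constructed inventory of service accounts (takeaway 1). In practice this would
# come from your directory and application owners, not a hard-coded dict.
INVENTORY = {
    "svc_backup": {
        "app": "backup",
        "allowed_hosts": {"bkp01", "bkp02"},
        "password_set": date(2024, 1, 15),
    },
    "svc_scada_hist": {
        "app": "historian",
        "allowed_hosts": {"hist01"},
        "password_set": date(2015, 6, 1),  # never rotated since install
    },
}

# Constructed authentication events in a simple key=value format (assumption:
# your real logs will need their own parser, e.g. Windows 4624 events).
SAMPLE_LOG = """\
2024-03-01T02:10:00Z account=svc_backup host=bkp01 logon_type=service result=success
2024-03-01T09:42:17Z account=svc_backup host=laptop-17 logon_type=interactive result=success
2024-03-01T10:05:00Z account=svc_scada_hist host=hist01 logon_type=service result=success
2024-03-01T10:06:30Z account=svc_unknown host=hist01 logon_type=service result=success
2024-03-01T11:00:00Z account=jdoe host=ws05 logon_type=interactive result=success
"""

# Date the audit is run against; fixed here so the example is reproducible.
AUDIT_DATE = date(2024, 3, 1)


def parse_line(line):
    """Turn one 'timestamp key=value key=value ...' line into a dict."""
    ts, *fields = line.split()
    event = {"timestamp": datetime.fromisoformat(ts.replace("Z", "+00:00"))}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def is_service_account(name):
    # Assumed naming convention for this example.
    return name.startswith("svc_")


def audit(inventory, log_text, today, max_password_age_days=90):
    """Return a list of (account, rule, detail) findings for review."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        acct = ev["account"]
        if not is_service_account(acct):
            continue  # human accounts are out of scope for this audit
        profile = inventory.get(acct)
        if profile is None:
            # Takeaway 1: a service account nobody has mapped to an application.
            findings.append((acct, "UNINVENTORIED", ev["host"]))
            continue
        if ev["logon_type"] == "interactive":
            # Takeaway 3: service accounts should not be used by people at a console.
            findings.append((acct, "INTERACTIVE_LOGON", ev["host"]))
        if ev["host"] not in profile["allowed_hosts"]:
            # Takeaway 5: use from an unexpected host is the kind of anomaly
            # regular reports should surface.
            findings.append((acct, "UNEXPECTED_HOST", ev["host"]))
    # Takeaway 2: password age is checked against the inventory itself, so a
    # stale credential is reported even if the account never appears in the log.
    for acct, profile in inventory.items():
        age_days = (today - profile["password_set"]).days
        if age_days > max_password_age_days:
            findings.append((acct, "STALE_PASSWORD", f"{age_days} days"))
    return findings


if __name__ == "__main__":
    for account, rule, detail in audit(INVENTORY, SAMPLE_LOG, AUDIT_DATE):
        print(f"{account:16} {rule:18} {detail}")
```

Running it prints one line per finding: the interactive logon and unexpected host for `svc_backup`, the uninventoried `svc_unknown`, and the years-old password on `svc_scada_hist`. The point of keeping the inventory separate from the log is that the password-age check (takeaway 2) still fires for an account that is quietly sitting unused, which is exactly the kind of credential the plant in Joe’s story had on its printed list.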

Contact us today to schedule a consult with Thycotic!