Light Dark
November 9, 2017 By Larry Loeb 2 min read

Privileged accounts are great targets for threat actors because fraudsters with high levels of access can cause data leaks of greater significance. A new survey by One Identity revealed that problems related to privileged account management put sensitive enterprise data at risk.

The survey, which queried 900 security professionals from around the world, found that 86 percent of organizations do not consistently change privileged account passwords after each use. Even worse, 40 percent of respondents neglect to change default administrator passwords.

Problems With Privileges

The report detailed other failures to follow security best practices. For example, only 54 percent of respondents use a password vault to protect privileged accounts. Furthermore, while 95 percent of respondents said they log or monitor high-level access to some degree, only 43 percent monitor all privileged access. This negligence could enable credential-stealing threat actors to move throughout the network without causing any alarm.

Meanwhile, 32 percent of respondents said they were unable to definitively identify administrator activities. This is no surprise, since 46 percent of respondents have multiple administrators who share common credentials.

Too Many Tools

The survey found that organizations employ various tools for privileged access management, including Microsoft Excel (36 percent) and internally developed scripts (37 percent). In fact, a 2016 Thycotic survey revealed that 70 percent of security professionals used either “homegrown” solutions or no tools at all to manage privileged accounts.

Other common tools include permissions delegation software (25 percent) and paper-based log books (18 percent), according to the One Identity report. Further muddying the waters, two-thirds of respondents said they used multiple tools for privileged account management, while 13 percent reported using four or more.

Mitigating Privileged Account Management Risks

Security teams should consider ways to improve their privileged account management practices. Some organizations might benefit from implementing a comprehensive approach to password management in general, not just for privileged accounts.

An integrated identity and access management (IAM) solution that contains a high-security password vault for the most important accounts can also lend added security to the entire system, and ensure that credentials can be controlled and modified as users’ needs change over time. By dealing holistically with all accounts, security professionals can mitigate the problems specific to privileged account management.

 |  |  |  | 
Larry Loeb
Principal, PBC Enterprises

More from

March 4, 2025

FYSA — VMware Critical Vulnerabilities Patched

< 1 min read - SummaryBroadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.Threat TopographyThreat Type: Critical VulnerabilitiesIndustry: VirtualizationGeolocation: GlobalOverviewX-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities…

February 21, 2025

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

February 14, 2025

Smoltalk: RCE in open source agents

26 min read - Big shoutout to Hugging Face and the smolagents team for their cooperation and quick turnaround for a fix! Introduction Recently, I have been working on a side project to automate some pentest reconnaissance with AI agents. Just after I started this project, Hugging Face announced the release of smolagents, a lightweight framework for building AI agents that implements the methodology described in the ReAct paper, emphasizing reasoning through iterative decision-making. Interestingly, smolagents enables agents to reason and act by generating…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature