"Privileged accounts provide elevated, often unrestricted access to an organisation's underlying information systems and technology, making them rich targets for malicious actors. Privileged accounts in the hands of malicious actors can cause significant operational damage, including data theft, espionage, sabotage, ransom, or bypassing important safety controls." National Cybersecurity Centre of Excellence, NIST
Today, connectivity is a necessity. But the importance of having access to information does not remove the responsibility of ensuring that access is granted only to those who are authorised to have it.
In recent months, Southeast Asia has witnessed a troubling surge in incidents of privileged access compromise, impacting a diverse range of sectors, including financial services, government, healthcare, manufacturing, and retail. As cybercriminals increasingly target privileged accounts, organisations must reassess their security measures.
The 2024 Data Breach Investigations Report from Verizon highlights that human error remains a significant contributor to data breaches, with 68% of incidents involving human interaction, such as privilege misuse or social engineering.
The growing sophistication of attacks and the increasing value of sensitive assets underscore the urgent need for organisations to enhance their security protocols, implement robust policies, and cultivate a culture of security awareness.
As regulatory frameworks tighten across the region, including PCI DSS, GDPR, and the forthcoming DPDP Act in India, protecting privileged accounts has emerged as a critical priority for IT security teams.
Rising privileged access breaches in SEA
In 2023, the National Cyber Security Index (NCSI) ranked Malaysia 22nd in terms of cyber competence as a nation, Singapore 31st, Indonesia 49th, the Philippines 48th, Thailand 45th, Vietnam 93rd, and Myanmar 152nd. The rankings will likely change in 2024 as governments and businesses operating in these countries consider adding artificial intelligence (AI) as part of their digital transformation journey.
Stephanie Barnett, vice president of Pre-Sales for Okta Asia Pacific and Japan, says the rapid adoption of cloud and AI tools has expanded the overall attack surface and increased susceptibility to cyber threats. This is especially true given the large concentration of SMEs in the region, which have limited dedicated security resources.
She opines that many organisations lack robust security protocols, particularly in Privileged Access Management (PAM). "This makes it easier for cybercriminals to exploit privileged credentials by deploying methods such as phishing, social engineering, malware and leveraging valid stolen credentials purchased in underground markets," she adds.
A UN report found that in 2023, cybercriminals stole up to US$37 billion through various illicit activities in Southeast Asia, including those targeting privileged access.
Strategies that worked and didn't
There are many approaches to securing access to information and systems. Experts have accepted that not all strategies will deliver the same result.
Barnett says adequate protection of privileged accounts begins with regulation and monitoring of access to sensitive systems and data. She adds that PAM enforces least-privilege access, ensuring that only authorised users can interact with critical resources while offering real-time oversight to detect and respond to potential threats.
She posits that strategies like implementing Zero Trust frameworks enforce continuous access validation, and multi-factor authentication (MFA) strengthens identity verification. "Automated tools for password vaulting and rotation further reduce the risks tied to stolen credentials, while AI-driven anomaly detection enhances proactive threat identification," she adds.
She warns that outdated practices like static passwords or manual privilege management fail to address modern cyber threats, highlighting the importance of comprehensive, proactive approaches.
The value of corporate policies
Corporate policies are essential for effectively managing and monitoring privileged access. Barnett believes that managing privileged access demands a cohesive approach combining strong policies and an ingrained security culture. Organisations should enforce role-based access using PAM systems, ensuring only authorised users interact with critical systems.
She also suggests that strong password policies, MFA, and continuous activity monitoring play key roles in reducing vulnerabilities. Regular access reviews and targeted threat analysis also enable teams to address specific risks proactively and efficiently.
"On top of that, security training must be ongoing to build a strong security culture, with employees continuously learning to identify risks like phishing and understanding the importance of privileged accounts. Accountability and awareness must be present at every level to strengthen the organisation's security posture." Stephanie Barnett
The AI/ML factor
According to Barnett, organisations can utilise AI and machine learning to enhance privileged access security by enabling real-time threat detection and dynamic decision-making.
AI analyses large datasets to identify anomalies, such as unusual login times or access patterns, which may indicate potential breaches. Machine learning models refine their understanding of normal behaviour over time, allowing for adaptive and risk-based access controls that respond to evolving threats.
She adds that AI automates key security processes, such as provisioning, monitoring, and policy enforcement, reducing human error and enhancing efficiency. "By integrating these technologies, organisations can move beyond traditional security measures, adopting a proactive approach that continuously evolves to detect and prevent unauthorised access to critical systems and data," she concludes.
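As an added example, not code from the article or from Okta: a deliberately simple per-account baseline check (plain statistics, standing in for the AI-driven anomaly detection described above) that flags the kinds of deviations the text names, unusual login hours, unfamiliar source hosts and bursts of failed attempts, run over constructed privileged-account login records.

```python
# Added example (not from the article or Okta): a simple per-account baseline
# check standing in for the AI-driven anomaly detection described above.
# Log lines are constructed: timestamp, account, source host, result.
from collections import defaultdict
from datetime import datetime
BASELINE_LOG = """\
2024-10-01T09:12:00 admin-db ws-ops-01 success
2024-10-02T10:03:00 admin-db ws-ops-01 success
2024-10-03T08:45:00 admin-db ws-ops-02 success
2024-10-04T11:30:00 admin-db ws-ops-01 success"""
NEW_LOG = """\
2024-10-08T09:20:00 admin-db ws-ops-01 success
2024-10-08T03:14:00 admin-db vpn-gw-07 success
2024-10-08T03:15:00 admin-db vpn-gw-07 failure
2024-10-08T03:15:20 admin-db vpn-gw-07 failure
2024-10-08T03:15:40 admin-db vpn-gw-07 failure"""

def parse(log):
    """Turn raw lines into (datetime, account, host, result) tuples."""
    return [(datetime.fromisoformat(ts), acct, host, res)
            for ts, acct, host, res in (l.split() for l in log.splitlines())]

def build_baseline(events):
    """Per account, the login hours and source hosts seen in the training window."""
    hours, hosts = defaultdict(set), defaultdict(set)
    for ts, acct, host, res in events:
        if res == "success":
            hours[acct].add(ts.hour)
            hosts[acct].add(host)
    return hours, hosts

def detect(baseline, events, fail_threshold=3):
    """Return (timestamp, account, reason) for each deviation from the baseline:
    a login outside the account's usual hours, a login from a host never seen
    for that account, or a run of failed attempts reaching fail_threshold."""
    hours, hosts = baseline
    alerts, failures = [], defaultdict(int)
    for ts, acct, host, res in events:
        if res == "failure":
            failures[(acct, host)] += 1
            if failures[(acct, host)] == fail_threshold:
                alerts.append((ts, acct, f"{fail_threshold} failed attempts from {host}"))
            continue
        if ts.hour not in hours[acct]:
            alerts.append((ts, acct, f"login at unusual hour {ts:%H:%M}"))
        if host not in hosts[acct]:
            alerts.append((ts, acct, f"first login from host {host}"))
    return alerts

if __name__ == "__main__":
    for alert in detect(build_baseline(parse(BASELINE_LOG)), parse(NEW_LOG)):
        print(*alert)
```

A real deployment would learn the baseline continuously and weight hours and hosts by frequency; the point here is that the baseline is per account, so a 03:14 login from a VPN gateway is only an anomaly because that account never did it before.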
Regulation tightens noose on PAM practices
Digitalisation and the widening accessibility of information and systems in the cloud have precipitated a drive for stricter management of privileged access. Barnett says such laws mandate robust access controls, data protection measures, and compliance through continuous monitoring and documentation.
She recommends that organisations adopt advanced privileged access management systems to enforce least privilege principles and safeguard sensitive data. She reminds us that non-compliance risks include significant fines and reputational damage, emphasising the importance of aligning privileged access practices with evolving regulatory standards.
Incident response planning is not optional
Incident response comprises the coordinated actions and procedures designed to detect, analyse, and contain security breaches and IT failures. Barnett explains that incident response planning (IRP) directly addresses the risks of compromised privileged access by ensuring swift detection, containment, and mitigation of breaches.
"A well-designed plan includes predefined protocols for monitoring and identifying unusual activity in privileged accounts, such as unauthorised access attempts or anomalous behaviour. Early detection minimises the potential damage caused by compromised credentials." Stephanie Barnett
She adds that IRP outlines containment measures, such as isolating affected systems, revoking access, and resetting compromised accounts. It also includes strategies for post-incident analysis to identify vulnerabilities, improve security measures, and prevent recurrence.
She asserts that by integrating PAM into the incident response framework, organisations ensure a proactive approach to limiting risks and restoring normal operations quickly after a breach.
Readying for 2025
Barnett warns that by 2025, cybercriminals' tactics for exploiting privileged access will become more sophisticated, leveraging advanced technologies and evolving security models.
"Cybercriminals may increasingly use AI-driven tools to mimic legitimate behaviour, bypassing AI-based anomaly detection systems designed to monitor privileged account usage. As organisations adopt Zero Trust architectures, attackers could target identity verification systems and device health checks, exploiting vulnerabilities in continuous authentication processes." Stephanie Barnett
She proposes that as Just-In-Time (JIT) access gains traction, attackers may focus on exploiting temporary credentials issued for task-specific access, aiming to infiltrate systems during short windows of elevated privilege.
"As always, organisations must continually upgrade and adapt their defences as cyber threats evolve," she concludes.