Many organizations that use Active Directory (AD) are failing to bolster their security postures
Microsoft AD has been around for almost a quarter century, and while many organizations across industries use it, few have adapted to the demand for greater security postures.
Despite the fact that approximately 90% of the Global Fortune 1000 companies use AD, only about a quarter consider security within it a top priority for their organization. But breaches and malware attacks are happening with increasing frequency, partially because cybercriminals have identified it as a common target: AD is used by corporations, healthcare organizations, educational institutions, small businesses–just about everyone.
And so the risk of cyber attack is huge.
Organizations with a) a large database of PII and b) legacy networks in place are particularly juicy targets for threat actors, because of the potential dual ease of attack and big payoff. Unfortunately, this makes healthcare facilities, financial institutions, and government facilities particularly appealing. However, often these enterprises have two features:
- Legacy applications and complex environments
- Lack of in-house AD expertise
In addition, the demand on IT teams within many organizations is already large, and as demonstrated in other research, the budget for cybersecurity hasn’t been increasing–despite the clear need for additional resources.
What can organizations do to bolster security within AD?
These days, regardless of industry or company size, it’s crucial that your cyber defenses do better than the automatic settings that come with AD. For both the financial industry and healthcare organizations of all kinds, there are specific risks, and risk management strategies.
Organizations must first realize that AD is a target, and the in-built security systems are not sufficient to protect a company’s network. The root of many breaches and ransomware attacks is more straightforward: many attacks–some as well known and devastating as the Colonial Pipeline breach–came down to a single compromised credential.
Poor password hygiene (for example, sharing passwords and re-using passwords cross-account) is one way for IT administrators to improve AD security, but the main solution is to scan for compromised credentials at the point of creation and on an ongoing basis.
If hacked passwords weren’t even allowed to enter an organization’s system, it would boost the company’s proverbial “Security Grade” immensely.