200 admin accounts?
Y'sure you have enough there, mate?
Jersey-headquartered insurance company Ardonagh Group has suffered a potential ransomware infection. Informed sources whispered to The Register that the insurance firm had been forced to suspend 200 internal accounts with admin privileges as the "cyber incident" progressed through its IT estate. The UK's second largest …
News to me; we had 1 admin account, the CIO, and he was the only one that needed the power to do ANYTHING on the network. We were under HIPAA and they didn't want to take any risk at all. Of course the organization was a big one, and had a CEO and many administrator positions of several kinds, but all of those only required the usual data entry, email, etc., and the thought they'd need any more is rather ridiculous, if you ask me.
My thought exactly. There are at least 195 accounts too many that have that level of access.
They should start by pruning that.
Unless, of course, that level of access is not controlled by web firewalls and therefore upper management can continue surfing - uh - specific productivity websites, yeah, that's it.
According to their website, they have over 100 offices. Maybe they have two admins per office? Also, given the number of companies they have bought recently, I wouldn't be surprised if there aren't duplicate IT areas. I know when my former employer bought out other companies, the IT departments were merged years after the acquisitions were completed, and also long after we had some access to their networks.
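The pruning the commenters above are calling for starts with an inventory: how many accounts sit in privileged groups, which of them have not been used in months, and where the same person holds admin rights in several directories left over from acquisitions. The script below is an added example, not code from the thread or from Ardonagh; the directory export, the group names and the `audit` function are all constructed for illustration, and a real run would feed it an export from the directory service instead of the inline sample.

```python
"""Audit a privileged-account export: count admin accounts, flag ones that have
not logged on recently, and spot one person holding admin rights in several
directories (the duplicate-IT situation that follows acquisitions)."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import date, timedelta

# Constructed sample data (hypothetical): a simplified directory export after a
# couple of acquisitions, with live and forgotten admin accounts mixed together.
SAMPLE_EXPORT = [
    {"sam": "jsmith", "domain": "corp", "groups": ["Domain Admins"],
     "last_logon": "2021-06-10", "person": "J. Smith"},
    {"sam": "jsmith-adm", "domain": "acq1", "groups": ["Domain Admins", "Enterprise Admins"],
     "last_logon": "2019-02-01", "person": "J. Smith"},
    {"sam": "helpdesk7", "domain": "acq2", "groups": ["Account Operators"],
     "last_logon": "2020-11-30", "person": "Help Desk"},
    {"sam": "clerk01", "domain": "corp", "groups": ["Domain Users"],
     "last_logon": "2021-06-11", "person": "A. Clerk"},
    {"sam": "svc-backup", "domain": "corp", "groups": ["Domain Admins"],
     "last_logon": "2021-06-11", "person": "Backup Service"},
    {"sam": "oldcio", "domain": "acq1", "groups": ["Domain Admins"],
     "last_logon": "2018-01-15", "person": "Former CIO"},
]

# Groups treated as privileged for this audit (assumed set; adjust to the estate).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Account Operators", "Schema Admins"}


@dataclass
class AuditResult:
    privileged: list = field(default_factory=list)   # every account in a privileged group
    stale: list = field(default_factory=list)        # privileged and unused for > stale_days
    duplicates: dict = field(default_factory=dict)   # person -> accounts, when more than one
    prune_candidates: list = field(default_factory=list)  # stale + surplus duplicate accounts


def audit(records, today, stale_days=90, privileged_groups=PRIVILEGED_GROUPS):
    """today is an ISO date string so the audit is reproducible against an old export."""
    cutoff = date.fromisoformat(today) - timedelta(days=stale_days)
    result = AuditResult()
    by_person = defaultdict(list)  # person -> [(last_logon, label), ...]
    for rec in records:
        if not privileged_groups.intersection(rec["groups"]):
            continue  # ordinary user: not part of the privileged inventory
        label = f'{rec["sam"]}@{rec["domain"]}'
        last = date.fromisoformat(rec["last_logon"])
        result.privileged.append(label)
        if last < cutoff:
            result.stale.append(label)
        by_person[rec["person"]].append((last, label))
    candidates = set(result.stale)
    for person, accounts in by_person.items():
        if len(accounts) > 1:
            result.duplicates[person] = [label for _, label in accounts]
            # keep the most recently used account per person; the rest are prune candidates
            accounts.sort(reverse=True)
            candidates.update(label for _, label in accounts[1:])
    result.prune_candidates = sorted(candidates)
    return result


if __name__ == "__main__":
    r = audit(SAMPLE_EXPORT, today="2021-06-15")
    print(f"{len(r.privileged)} privileged accounts, {len(r.stale)} stale")
    for person, accounts in r.duplicates.items():
        print(f"{person} holds admin rights in several directories: {', '.join(accounts)}")
    print("review for removal:", ", ".join(r.prune_candidates))
```

The stale threshold and the privileged-group list are the two knobs worth arguing over; the point of the output is a short list to take to the account owners, not an automatic deletion.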
I can see where they'd have 200 admin accounts. It's a side effect of a lifetime of being brainwashed by the Windows way of doing things. Sadly, this is quite common in today's business world.
Note: I don't condone it. Nor do I practice it. Just reporting what I've seen. And occasionally fixed, where allowed.
Until we have an after-action report, we really cannot say if their security was proper or not.
If you believe your **** doesn't stink, allow me to assure you it does. Build systems so that single failures don't result in total compromise. Design your systems to permit tracking of intrusions.
Because no fortress stands forever.