
Getting the board on board with Active Directory security

Scott McKinnel from Tenable ANZ outlines four reasons why organisations should update and bolster their Active Directory security practices.

Scott McKinnel
Wed, 13 Apr 2022

Years of oversimplification have conditioned organisations to ignore or neglect the security of the ubiquitous, all-powerful overseer that orchestrates literally everything in any given IT infrastructure: Active Directory (AD).

As a consequence, it receives too little investment and attention from boards, and far too much attention from cyber criminals.

And with the federal government considering new industry standards making company directors accountable for cyber attacks, cyber literacy will need to become the new financial literacy as board members focus on and assess their organisation’s cyber risks.

AD has been used by organisations for identity and access management for over 20 years. Before the shift to remote work, managing AD on-premises was easier as IT administrators had visibility and could control the number of users on a network and the resources they could access.

The new working model complicates things because AD environments are constantly changing. That means if AD security hygiene isn’t managed or secured properly, cyber criminals will go after the low-hanging fruit like weak passwords and phishing links.

Given just how attractive AD is to cyber criminals, here are four reasons why it’s time the board takes notice.

AD can halt business continuity

Stopping businesses in their tracks is one of the most tangible threats an insecure AD poses to industries and enterprises.

Every large-scale, infrastructure-wide attack that has crippled production capabilities in recent years has had an Active Directory exploit at its core.

For example, in 2017, the NotPetya ransomware attack shut down the port terminals of a shipping giant for two days, causing an estimated $300 million in associated costs.

There are two methods cyber criminals use to disrupt businesses. The first is by crippling the AD itself, preventing users and applications from logging into systems and accessing their required resources. The other is by using AD as a transport for destructive malware.

Today’s consumer-level ransomware is good enough to do the destruction job effectively. The only challenge in those attacks is getting this malware installed on a large number of endpoints so that recovery at scale becomes unrealistic. In this regard, exploiting AD weaknesses is the only practical option for cyber criminals to move laterally within the infrastructure.

AD can put cracks in brand and customer trust

With personally identifiable information (PII) leaks making the headlines so frequently, customer trust is hard to establish and very easily lost.

A 2017 study by PwC found that 85 per cent of customers in Australia won’t do business with a company if they have concerns about its cyber security practices.

This should not be a surprise considering the brand is the overarching umbrella of a company; brand damage has a ripple effect that impacts all its products and services.

Unlike business disruption attacks, data breaches do not always require an Active Directory compromise to be effective, though they very often do, depending on whether the attack needs deep intrusion into the infrastructure or not.

AD attacks can result in competitive loss and IP theft

Intellectual property (IP) is the lifeblood of a business, so unwarranted access to it is a direct threat to the very existence of an organisation.

In the tech industry at large, blueprints and products are designed months ahead of their public release, giving IP thieves a sufficient lead to preemptively close technical gaps and nullify competitive advantages.

In critical national industries, IP theft has geopolitical consequences. Exfiltrating this data stealthily remains the easiest part of a cyber criminal’s job.

Their true challenge lies in accessing the data in the first place: after the initial infection, an attacker rarely has access to their targeted assets. Hunting for valuable data requires the ability to hop from system to system until the necessary access rights can be inherited or impersonated. And there is only one way to do so: exploiting Active Directory vulnerabilities.

AD, a common threat denominator

From the examples listed above, it’s plain to see that no large-scale attack on an IT infrastructure would succeed without exploiting, at some point, a few Active Directory weaknesses.

All these costs are therefore linked to the insecurity of this critical infrastructure. They are also costs that organisations can avoid if they pay attention to securing AD.

Scott McKinnel is the country manager at Tenable ANZ.
