Insider risk: prevent misuse of access

The enemy inside: insider threats through misuse of privileged authorizations. If there is a lack of measures to control and restrict the access rights of employees in a granular way, this represents a considerable risk for company security. The solution: the implementation of a least privilege approach.

Cracking the code, defeating a boss, or discovering a lost key - these are all ways to level up in video games. Players then gain access to new tools, powers, or other components that will ultimately help them to victory. In many ways, the network infrastructure is similar to a video game. Employees have access to different levels of information and are given specific permissions based on their role, seniority, or other factors. Typically, sensitive information and critical systems are limited to privileged users such as IT and network administrators. The aim of corporate security is to limit the possibilities for regular employees and external attackers to move up to 'the next level'.

However, if there is a lack of measures to control and restrict the access rights of employees in a granular way, this represents a considerable risk for company security. The following is an overview of four main causes of the abuse of privileged authorizations as well as best practices for protection.

Lack of access restrictions to sensitive data and systems

One of the most common causes of a data breach is a company's failure to restrict access to sensitive information or systems. The more employees have access to business-critical assets, the greater the risk of a data leak. Without proper controls, an unwitting employee can, for example, download a document containing sensitive information from the server and pass it on to other team members, customers, external partners or, in the worst case, to an attacker as part of a spear phishing attack.

Insider threats from disgruntled employees

Disgruntled employees who have either been fired or denied a raise also pose a high risk if companies fail to monitor or revoke their digital identities and associated permissions. If malicious insiders have access to critical data, applications and systems, they can steal sensitive information unnoticed and sell it to the competition or make explosive insider knowledge available to the public.

Bad password hygiene

Weak passwords can also be exploited by malicious insiders. According to the latest NordPass password report, over 2.5 million users still use “123456” as their password. Unlike external attackers, insiders often have extensive personal knowledge of their target, which helps them crack the credentials of a privileged account and impersonate a legitimate user.

Abuse of privileged accounts by external attackers

Cybercriminals are always looking for ways to access confidential information and systems or manipulate vulnerable employees. Through phishing campaigns, social engineering techniques, digital scanners, password sniffers, or any combination of these methods, hackers can gain access to an employee's credentials and impersonate a legitimate user. After an attacker has gained access, he will scout his environment and look for ways to increase his access rights in order to extract data or to sabotage critical company processes with malware.

Game over by implementing a least privilege approach

Whether it is an unwitting user, a malicious insider, or an outside attacker who has gained access to sensitive information, the consequences for businesses can be devastating.

To prevent employees from gaining too much access to sensitive systems and information, companies should first identify shared administrative accounts and store them in a password vault. All other privileged users should be provided with controls based on the least privilege principle. A system should be set up to check who is requesting access, for what reason, and to determine the security risk of the environment from which the respective employee wants to log in. To put an end to inappropriate privilege increases, companies should implement the following measures:

1. Establishment of least privilege

Özkan Topal, Sales Director at ThycoticCentrify

Any employee can potentially fall victim to a cyber attack or become an attacker themselves. The security architecture must therefore be structured accordingly. Companies should strive for "zero standing privileges", that is, revoke employees' privileged access as soon as a task has been completed so that it is not left open to threat actors.

2. Granular control of resources through access zones

Particularly in the case of sensitive processes and tasks, it should be ensured that no person has more access rights than are absolutely necessary for their work. Companies can use so-called identity access zones to bind a user's rights to resources that he needs every day, based on his role.

3. Implementation of access request and approval workflows

Companies should control the extension of authorizations with the help of an access request and approval procedure, in which employees specify the reason for their desired, temporary privilege increase. This makes it possible to trace who has approved access and what context is associated with the request.
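The three measures above can be combined in one small access broker. The following Python sketch is an added example, not ThycoticCentrify code or any product's API: the zone table, user names, resource names, the 15-minute default lifetime and the rule that a requester cannot approve their own request are all assumptions made for illustration, and checking whether the approver is authorized is left out.

```python
from dataclasses import dataclass, field

# Constructed sample policy: the resources each role's access zone covers.
ZONES = {"dba": {"db-prod-01", "db-prod-02"}, "helpdesk": {"ad-passwd-reset"}}

@dataclass
class Grant:
    user: str
    resource: str
    reason: str
    approver: str
    expires_at: float

@dataclass
class AccessBroker:
    roles: dict                                   # user -> role
    pending: dict = field(default_factory=dict)   # request id -> (user, resource, reason)
    grants: list = field(default_factory=list)
    audit: list = field(default_factory=list)     # (time, event, actor, resource, detail)

    def request(self, user, resource, reason, now):
        """File a request; refuse anything outside the user's zone or without a reason."""
        zone = ZONES.get(self.roles.get(user), set())
        if resource not in zone or not reason.strip():
            self.audit.append((now, "denied", user, resource, reason))
            return None
        self.audit.append((now, "requested", user, resource, reason))
        req_id = len(self.audit)                  # unique: the audit log only grows
        self.pending[req_id] = (user, resource, reason)
        return req_id

    def approve(self, req_id, approver, now, ttl=900):
        """Turn a pending request into a time-limited grant (assumed rule: no self-approval)."""
        entry = self.pending.get(req_id)
        if entry is None or approver == entry[0]:
            self.audit.append((now, "approval-refused", approver, None, f"request {req_id}"))
            return None
        user, resource, reason = self.pending.pop(req_id)
        grant = Grant(user, resource, reason, approver, now + ttl)
        self.grants.append(grant)
        self.audit.append((now, "approved", approver, resource, f"for {user}: {reason}"))
        return grant

    def is_allowed(self, user, resource, now):
        """Zero standing privileges: access exists only while an unexpired grant does."""
        self.grants = [g for g in self.grants if g.expires_at > now]
        return any(g.user == user and g.resource == resource for g in self.grants)
```

The audit list records who asked, who approved and the stated reason, which is the traceability the approval workflow is meant to provide.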

A traditional, purely perimeter-based security approach is no longer sufficient these days, as it must always be assumed that threat actors are already in the corporate network. By introducing a least privilege approach, granular controls of resources through access zones and the implementation of access request and approval workflows, companies can significantly reduce the abuse of privileges.



About ThycoticCentrify

ThycoticCentrify is a leading provider of cloud identity security solutions that enable digital transformation on a large scale. ThycoticCentrify's industry-leading Privileged Access Management (PAM) solutions reduce risk, complexity and cost while protecting enterprise data, devices and code in cloud, on-premises and hybrid environments. More than 14,000 leading companies around the world, including more than half of the Fortune 100, trust ThycoticCentrify. Customers include the world's largest financial institutions, intelligence agencies, and critical infrastructure companies. Whether human or machine, in the cloud or on-premises - with ThycoticCentrify, privileged access is secure.


 
