Does “privilege drift” jeopardize your organization’s data security?


Not so long ago, data security teams could track users and their associated access privileges in a business environment with relative ease.

Fast forward to today, however, and things have become a lot more complicated. Large, wide area networks spread across diverse geographies make it increasingly difficult to control who needs privileged access to specific applications and systems at any given time. As a result, users can end up with access to many systems that they really shouldn’t have, creating security blind spots and vulnerabilities that can be exploited in a data breach attempt.

This article will examine the dangers of so-called “privilege drift”, why it poses such a significant threat to data security, and how adopting a least privilege model can help mitigate the dangers without affecting operational efficiency.

What makes privilege drift so dangerous?

For any team trying to secure a large and/or disparate corporate network, privilege drift can make it very difficult to maintain overall control, which, over time, can seriously undermine its security posture. As employees change jobs or take on new responsibilities, they begin to access more and more systems, while retaining access to old ones (unless it is proactively revoked).

Soon, tens, hundreds, or even thousands of employees may gain access to systems that are no longer relevant to their functions, but which likely contain large amounts of sensitive business and customer data, which can often include personally identifiable information. Not only is this a violation of compliance regulations across many industries, it also leaves data unnecessarily exposed to internal and external threats. In many cases, employees may not even realize that they are accessing or exposing data that they shouldn’t have access to.

For example, without the right data protection in place, a well-meaning employee trying to complete an urgent task may inadvertently gain access to inside information and email it to many partners or third parties without realizing the implications of their actions. This would instantly cause a security incident that could easily have been avoided by simply revoking the employee’s access to that information in the first place.

The problem does not end there either, as employees accumulating more access rights than they should have in this way is only one aspect. Some also try to elevate their access rights by logging into privileged user accounts to which they do not have authorized access. Most employees know more than enough personal information about their coworkers to guess their personal passwords, and with over 2.5 million people still using “123456”, they often don’t even need to. While most employees engage in this type of behavior for honest reasons, such as trying to get the job done faster, a small minority do so with more malicious intentions in mind.

In the case of a disgruntled or former employee, organizations that do not effectively monitor this type of behavior can quickly find themselves on the wrong side of a major security breach and/or a news headline, which is by no means desirable. According to Forrester, 80% of today’s security breaches involve default, lost, stolen, or compromised privileged credentials, making it a growing problem across the business landscape.

External threat actors know how to take advantage of privilege drift

Unfortunately, cybercriminals and external threat actors know all too well how to capitalize on privilege drift if they are lucky enough to find it. Such adversaries are very good at finding ways to gain access to confidential systems and manipulate vulnerable employees. In these cases, they often combine a variety of approaches, including phishing campaigns, social engineering techniques, and password sniffers, to gain access to an individual’s login information.

They can then use these legitimate credentials to bypass security defenses before looking for ways to elevate access privileges themselves and move deeper into the network. Once inside, they can steal sensitive data and/or trigger a cyberattack for maximum damage.

The principle of least privilege helps mitigate the threats posed

In order to avoid falling victim to privilege drift, businesses around the world must prevent it from happening in the first place. One of the most effective ways to do this is to embrace the least privilege model that balances the business needs of employees with the cybersecurity and compliance best practices needed to protect sensitive data.

If companies assume that every employee has the potential to fall victim to malicious actors, or even become a victim themselves, it suddenly makes sense to only provide them with the minimum level of access they need to perform the task they are working on at any given time. Once this task is completed, this access must then be removed to avoid creating vulnerabilities, leaving no permanent privileges.

Companies should also seriously consider enforcing segregation of duties, especially for all sensitive activities, using identity access zones that tie an employee’s rights to the resources they need on a day-to-day basis, depending on their specific role.

Finally, organizations must adopt a streamlined solution to manage and elevate employee access just in time, with robust governance built into all levels. Implementing a self-service access request process, with multi-level approval workflows, will provide 360-degree visibility into exactly who approved the access and the specific context related to each individual request.
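The drift described earlier (access kept after a role change) and the rule that task-based access is removed once the task ends can both be checked in a periodic access review. The sketch below is an added example, not code from the author or any product; the role names, entitlement strings, users and grant records are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample data: what each role is supposed to hold (hypothetical names).
ROLE_BASELINE = {
    "finance-analyst": {"erp:read", "reports:read"},
    "hr-partner": {"hris:read", "hris:write"},
}

USERS = {
    # alice moved from finance to HR but kept her old finance access (drift)
    "alice": {"role": "hr-partner",
              "entitlements": {"hris:read", "hris:write", "erp:read", "reports:read"}},
    # bob holds one approved, time-boxed grant on top of his role baseline
    "bob": {"role": "finance-analyst",
            "entitlements": {"erp:read", "reports:read", "erp:admin"}},
}

# Just-in-time grants: (user, entitlement) -> (expiry, approver)
JIT_GRANTS = {
    ("bob", "erp:admin"): (datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc), "carol"),
}

def review_access(now):
    """Return {user: {"drift": [...], "expired_jit": [...]}} for users with findings."""
    findings = {}
    for user, rec in USERS.items():
        # An unknown role has an empty baseline, so everything it holds is flagged.
        baseline = ROLE_BASELINE.get(rec["role"], set())
        drift, expired = [], []
        for ent in sorted(rec["entitlements"] - baseline):
            grant = JIT_GRANTS.get((user, ent))
            if grant is None:
                drift.append(ent)    # standing access with no role or approval behind it
            elif grant[0] <= now:
                expired.append(ent)  # was approved, but the task window is over: revoke
        if drift or expired:
            findings[user] = {"drift": drift, "expired_jit": expired}
    return findings

if __name__ == "__main__":
    for when in (datetime(2024, 1, 10, 9, 0, tzinfo=timezone.utc),
                 datetime(2024, 1, 11, 9, 0, tzinfo=timezone.utc)):
        print(when.isoformat(), review_access(when))
```

Run before the grant expires, only alice's leftover finance access is reported; run a day later, bob's elevated access also appears as due for revocation.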

Whether they like it or not, businesses around the world are bombarded with an increasing number of cyber threats every day, the vast majority of which are caused by compromised credentials. Those without an effective privileged access management strategy run a major (and unnecessary) risk of exposing their networks to potential internal or external breaches if privileged credentials are misused or compromised. Adopting role-based access and the principle of least privilege will go a long way in helping them to properly protect their most sensitive data, ensuring that it always remains protected.

Kamel Heus, Vice President EMEA, ThycoticCentrify
