Combat cyber crime with least privilege methodology
In today’s information age, it seems the more sensitive data that companies produce, the more vulnerable they become to malicious probing.
The rise in cyber-attacks emanating from foreign nations are underlining a new threat from external hackers and online organized crime. Complicating the security landscape even more are companies’ own employees, who are causing crippling security breaches from the inside. What’s particularly frightening is that employees don’t have to be malicious to be a danger; in fact, many of the leading threat incidents faced by enterprises today implicate unwitting insiders. This was the case with South Carolina’s Department of Revenue, where an employee unknowingly clicked an email link and opened the government agency to a large-scale cyber-attack, costing the state $14 million and compromised the personal and financial data of millions of residents.
Amidst this complex threat landscape lies a common victim: unmanaged local administrative accounts, which represent a freeway into companies’ prized data. Privileged accounts provide unrestricted access to systems and so cybercriminals target these accounts, as they enable malware to persist at the system level and then spread more readily to other privileged accounts and computers. Unfortunately, this is causing a convergence of the threat space, as cybercriminals increasingly prey on users with privileged accounts, the lines between external and internal threats are blurred, requiring enterprises to step up their security ante.
With proactive security measures top of mind, enterprises are quickly transitioning from moderately-managed desktop environments to ones that are locked and well-managed. However, completely locking down all administrative privileges is too restrictive, leaving employees struggling to perform day-to-day tasks. Of course, allowing too many privileges undermines the whole concept of defense-in-depth security strategies. This leaves organizations wondering – how can we empower users with the privileges they need to perform their roles, without compromising security?
To strike the elusive balance between too many and too few, organizations are increasingly adopting the methodology of least privilege management, granting privileges to applications instead of users, and elevating those applications only when needed. This concept is designed to protect against the initial attack vector and prevent an infiltration before it starts to spread through an organization’s network. With least privilege management, there is no need for users to logon with a local administrative account, as privileges can be assigned directly to the applications that require them. This prevents an attacker from gaining access to a privileged account, making it much more difficult for malware to persist and take control over systems.
Though it’s a concept that’s been around for some time, recent high-profile security incidents that implicate privileged accounts are driving industry-wide demand for privilege management solutions. Both public and private institutions are now realizing how taking a least privilege approach can prevent malware attacks and data leaks. In fact, Cambridge-based analyst firm Forrester Research predicts that privileged user management will grow more than 50 percent in coming years with forecasted revenues expected to exceed $330 million by 2014.
Privilege management is the baseline measure that all organizations should take to mitigate malware risks and insider threats. After all, traditional antivirus software is struggling to handle the new breed of advanced malware threats, which are difficult to detect and often look to cloak themselves once they’ve gained privileged access to a system. Recent trends such as Bring Your Own Device (BYOD) and OS migration are now adding to enterprises’ growing list of security concerns, compelling organizations to take this least privilege approach to admin rights.
In today’s security ecosystem, when sophisticated attackers want to be as destructive as possible, they’ll target administrative accounts first and even enlist teams of hackers to infiltrate the network. Luckily, least privilege management solutions provide hope for the future. Helping to prevent attacks before they start, least privilege management ensures that security is the beginning of every enterprise’s conversation, before it becomes the end of its story.