
How to prevent malicious attacks by privileged users



A 2022 report on privileged user threats from the Ponemon Institute found that privileged user attacks skyrocketed 44% in 2020, with a cost per attack of $15.38 million. With privileged user attacks causing massive damage, stopping the security threats that malicious privileged users can pose to your organization has become more important than ever.

Who is the privileged user?

The privileged user could be an employee tasked with accessing sensitive corporate information. Understanding what makes a person a privileged user will help organizations monitor and mitigate malicious attacks from privileged users. In most cases, privileged users are granted higher access to the company’s source code, networking, and other technical areas. These additional privileges leave sensitive data within the organization vulnerable to attacks.

While providing some employees with privileged access is important to the successful operation of an organization, care must be taken to define these privileges and to place sufficient limits on areas the user is not authorized to access.

Understanding privileged user attacks

Privileged user attacks often take advantage of an organization’s vulnerabilities, be it system misconfiguration, bugs, or unrestricted access control. While standard users have limited access to sensitive files and system databases, privileged users – in addition to having privileged access to these sensitive resources – may have more access.

Depending on their goals, privileged users can move to gain control of more systems, or gain administrative and root access until they have full control over the entire environment. When they do, it will be easier for them to control low-level user accounts and extend their privileges.


How privileged user threats may manifest

1. Credential mining

Credentials such as usernames and passwords are common means of launching a privileged attack.

In this case, an attacker can try to find out the system administrator’s credentials because their account has more privileges over sensitive data and system files. Once malicious privileged users gain control of the credentials, it is a matter of time before they exploit them.

2. Privileged Vulnerability Exploit

Vulnerabilities are weaknesses in code, design, implementation, or configuration that can be exploited for malicious attacks. The vulnerabilities that privileged users can exploit can affect operating systems, network protocols, applications, online applications, infrastructure, and more.

A vulnerability does not guarantee that a privileged user attack will succeed; it only indicates the existence of a risk.

3. The system is poorly configured

Configuration issues are another type of exploitable vulnerability.

Most of the configuration problems that privileged users can exploit come from poorly configured security settings. Examples of a poorly configured system include using default passwords for system administrators, exposing unauthenticated cloud storage to the internet, and leaving newly installed software with its default security settings.

4. Malware

Privileged attackers with root access and advanced knowledge of viruses and malware can also exploit some security holes in your company’s system configuration. In addition, the use of malware such as trojans and ransomware may be easier for privileged users since they have root access to the system environment.


How business organizations can prevent privileged user attacks

There are a number of ways business organizations can prevent or reduce the incidence of privileged user attacks. Any company can use containment methods, while mitigation will depend on the type of attack.

1. Least privileged access

Many organizations make the mistake of giving privileged employees access to more than what their job requires. Unfortunately, this practice creates vulnerabilities that could support a malicious attack from a privileged user.

One of the ways you can avoid this situation is to apply principles of least privileged access. This principle is an organizational security practice that supports limiting privileged users’ access to only the data, systems, and applications they need to succeed in their roles.

So to make this happen, all the necessary roles and privileges in the organization must be audited by the top security experts in the company. Doing this will help prevent users from being improperly granted access. Important test areas include system administrators, domain administrators, database administrators, payroll administrators, and root users.

2. Privacy policy should guide privileged users

Make sure there is a privileged user privacy policy that guides what privileged users can and cannot do. This policy must also spell out the possible consequences for a user who violates it. The policy should also address what to do if privileged users leave the company or change their role within the company.

The best practice in most organizations is to cut off any security privileges granted to users before they leave work. If a privileged user is changing roles, revoke the user’s previous privileges and check how those privileges were managed before granting new privileges for the new role.
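The audit described in sections 1 and 2 can be run as a comparison between what each account holds and what its role needs. The following is an added example, not code from the article: the role names, privilege strings, `Account` fields and sample inventory are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed role baseline: the privileges each role needs, as fixed by the audit.
ROLE_BASELINE = {
    "dba": {"db:read", "db:write", "db:backup"},
    "payroll_admin": {"payroll:read", "payroll:write"},
    "sysadmin": {"host:root", "host:patch"},
}

@dataclass
class Account:
    user: str
    role: str
    granted: set
    previous_role: Optional[str] = None  # set when the user changed role
    left_on: Optional[date] = None       # set when the user left the company

def audit(accounts, baseline=ROLE_BASELINE, today=None):
    """Return (user, finding, privileges) for each account that breaks the policy."""
    today = today or date.today()
    findings = []
    for acct in accounts:
        # Leavers must hold nothing at all, whatever their role allowed.
        if acct.left_on and acct.left_on <= today:
            if acct.granted:
                findings.append((acct.user, "departed-with-access", sorted(acct.granted)))
            continue
        excess = acct.granted - baseline.get(acct.role, set())
        # Excess that matches the old role was never revoked at the role change.
        carried = excess & baseline.get(acct.previous_role, set())
        if carried:
            findings.append((acct.user, "carried-over", sorted(carried)))
        if excess - carried:
            findings.append((acct.user, "exceeds-role", sorted(excess - carried)))
    return findings

# Constructed sample inventory (not real accounts).
ACCOUNTS = [
    Account("alice", "dba", {"db:read", "db:write"}),
    Account("bob", "payroll_admin", {"payroll:read", "payroll:write", "db:write"}, "dba"),
    Account("carol", "dba", {"db:read", "host:root"}),
    Account("dave", "sysadmin", {"host:root"}, left_on=date(2024, 1, 31)),
]

if __name__ == "__main__":
    for finding in audit(ACCOUNTS, today=date(2024, 2, 1)):
        print(finding)
```

An account whose role is missing from the baseline is reported with every privilege it holds as excess, so unreviewed roles surface instead of passing silently.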

3. Perform periodic security monitoring

Another way to reduce the risk of malicious privileged user attacks is to have a security monitoring team periodically monitor how all privileged users use their access to perform their roles. This security monitoring exercise can be performed manually by a team of leading security experts or automatically using security monitoring tools.

Also, make sure all employees are aware of this periodic security monitoring process, but give no specific date, to avoid instances where malicious privileged users could cover their tracks.

For thorough monitoring of privileges, focus on how users manage read, cancel, create, and modify access permissions. If you suspect any red flags in access, revoke the access or force it through a multi-factor authentication system to prevent impending vulnerabilities.
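An automated version of this review, as an added example that is not part of the original article: it scans permission-change events by privileged users and returns the response the paragraph above names, revoke or force multi-factor authentication. The log format, field names and the two red-flag rules (a user changing their own permissions, a change made without MFA) are assumptions made for the example, and the log lines are constructed.

```python
import shlex

# Actions that alter access permissions; "read" only inspects them.
CHANGE_ACTIONS = {"create", "modify", "cancel"}

def parse_line(line):
    """Split 'timestamp key=value ...' into a dict; fields without '=' are skipped."""
    ts, *fields = shlex.split(line)
    event = {"ts": ts}
    for item in fields:
        key, sep, value = item.partition("=")
        if sep:
            event[key] = value
    return event

def review(lines, privileged):
    """Map each flagged privileged user to 'revoke' or 'force-mfa'."""
    decisions = {}
    for line in lines:
        if not line.strip():
            continue
        event = parse_line(line)
        user = event.get("user")
        if user not in privileged or event.get("action") not in CHANGE_ACTIONS:
            continue
        if event.get("subject") == user:
            # Changing one's own permissions is the stronger signal and is never downgraded.
            decisions[user] = "revoke"
        elif event.get("mfa") != "yes" and decisions.get(user) != "revoke":
            decisions[user] = "force-mfa"
    return decisions

# Constructed audit log lines (hypothetical format).
SAMPLE_LOG = """\
2024-03-04T09:01:12Z user=ana action=read target=acl:payroll subject=joe mfa=yes
2024-03-04T09:05:40Z user=ben action=modify target=acl:git-main subject=ben mfa=yes
2024-03-04T23:48:03Z user=cy action=create target=acl:db-prod subject=joe mfa=no
2024-03-04T23:50:19Z user=joe action=cancel target=acl:db-prod subject=joe mfa=no
""".splitlines()

if __name__ == "__main__":
    print(review(SAMPLE_LOG, privileged={"ana", "ben", "cy"}))
```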

4. Implement multi-factor authentication

Another way to prevent malicious attacks by privileged users in your organization is to implement multi-factor authentication so that some privileged users must authenticate before being granted access. While this can make for a difficult workflow, it is better than leaving critical system access vulnerable in the hands of a malicious privileged user.


