
The hidden security risk of privileged users


Petrovic


All businesses are aware of the danger posed by insider threats, but those threats are multiplied when they involve privileged user accounts.

 

Damage caused by privileged users is the most extensive, the hardest to mitigate and the hardest to detect as it involves authorized users doing things they are authorized to do. A new report from access management specialist Forcepoint in conjunction with the Ponemon Institute looks at the gap between organizations' awareness of the problem and their ability to solve it.

 

The study conducted among more than 700 operations and IT security managers finds that 91 percent think that the insider threat will continue to grow or stay the same. Yet only 15 percent of respondents say they have a dedicated budget to address this significant challenge.

 

According to 79 percent of respondents, privileged access rights are required to complete their current job assignments. However, many respondents have more access than they need: 21 percent say they do not need privileged access to do their jobs but have it anyway. There are two main reasons given for this. First, everyone at the same job level has privileged access even if it isn't required to perform a job (43 percent). Second, the organization has failed to revoke rights when a role changed and no longer needed access privileges (34 percent).

 

Only 43 percent of organizations say they have the capability to effectively monitor privileged user activities. In addition, 58 percent pointed out that organizations are unnecessarily assigning access to individuals that go beyond their role or responsibilities.

 

The fear of attack using privileged credentials is high too. 46 percent believe that malicious insiders would use social engineering to obtain a privileged user's access rights -- up 20 percent from a similar survey in 2011.

 

"The best approach to mitigating privileged user abuse is a comprehensive and layered approach that implements best practices, incorporates process and technology and most importantly, addresses the people behind the permissions," says Forcepoint's technical director of insider threat solutions, Michael Crouse. "Damage caused by privileged users is the most extensive, the hardest to mitigate and the most difficult to detect, as it is done by authorized users doing things they are authorized to do. This report underscores the enormous gap between organizations' awareness of the problem and their ability to solve it."

 

The full study is available to download from the Forcepoint website and there's a summary of the findings in infographic form below.

 

[Infographic: privileged users case study]

Article source

 




If organizations and people haven't learned by now that you never operate with any account higher than user on a daily basis then they never will.  Even our IT personnel only have user accounts but have a separate login that gives them admin privileges when they need them to install software or modify a system.  Of course everything on our systems is tracked and logged so we can see who uses these accounts and how long they are logged into them and what data they access.  This stops the internal threats from taking place (no more Snowdens) by allowing us to monitor the amount of data being accessed by one individual.  



41 minutes ago, straycat19 said:

no more Snowdens

This has happened many times, even before everything was stored on computers. All it takes is for some agent who works on some high-profile cases to go rogue and spill the beans. The only thing computers have done is make it easier for people with low-level access to get info. Snowden was just a contractor; he did not really belong to the NSA.

 

People have been doing what Snowden did since the 1500s. The only thing that would stop is people with low-level access who work in the office; it won't prevent those who really have access from doing it.

https://en.wikipedia.org/wiki/List_of_whistleblowers

There have been like 7 cases of whistleblowers since Snowden did that, even.

 



I like having administrator access to my computer. I have thought about using a standard user account and using UAC to get administrator access when I format and install Windows Seven Ultimate. My question is: what about the malware that can work on a limited user account or exploits a standard user account to gain administrator privileges? I have a script that can make a guest account an administrator account, and I'm sure malware authors have thought of that.



Archived

This topic is now archived and is closed to further replies.
