Michael Byrnes, director – solutions engineering, iMEA, BeyondTrust writes about the seven pitfalls of privilege.
When the region was hit by COVID-19, organizations prioritized business continuity in their movements to the cloud. But ironically, the very continuity they had in mind was compromised by the haste with which it was delivered. Security was relegated to the status of “afterthought” and bad actors wasted no time in punishing these “can’t happen here” threat postures. A recent KPMG survey of UAE respondents found 88% had witnessed an increase in cyber incidents during last year’s crisis. The report also cited a McAfee study that named the UAE the “second most targeted nation globally” by bad actors.
While figures like these may make for a bleak outlook, most, if not all, emerge from common missteps that can be corrected. Cybersecurity teams across the region should think of these “Seven Perils of Privilege” as touchpoints to establish best practices.
- Digitize today, secure tomorrow
The region’s enthusiasm for digital transformation has led to a pace of innovation that disregards vital security concerns. Digitization programs commonly begin with cloud migrations, but cloud providers cannot police all their customers’ shadow IT. As legacy systems are shoehorned into service beside barely compatible cloud tools, providers cannot be expected to smooth out and secure the entire customer infrastructure.
Across all this complexity, the underlying problem that needs to be addressed is privileged access. When digital transformation happens at speed, organizations need to ensure they retain control of their “credentials ecosystem” — authorization of users, sessions, and passwords across the entire network, including the cloud (or clouds) in which they operate.
- More clouds, more attack vectors
Many enterprises do not construct a single cloud; they have several. IaaS for IT, PaaS for DevOps, SaaS for knowledge workers, and so on. Whatever the setup, cloud migration delivers all kinds of boons, but each sub-environment acts as a multiplier for the attack surface. Bad actors have more vectors to exploit and more routes into a network. Without strict management of identities and credentials, nefarious parties can stroll through the gaps and wreak havoc.
Organizations should consider the best practice of enforcing “least privilege”, while taking care to properly inventory cloud assets and accounts along with all other digital assets. Similarly, security teams should implement application control, and secure DevOps tools.
- Neglecting password policy
Infrastructure sprawl brings with it a lot more passwords. With too many to remember, users often store passwords, but if they are inappropriately secured this can lead to compromise. Reuse of a password across multiple accounts and the use of weak passwords both continue to be issues in the pandemic era, and when combined with network complexity, organizations can face an even greater expansion in the attack surface. If weak passwords are protecting high-level privileges, ransomware can follow on swift wings.
Security teams must look to tools that make life easier for end users while masking plain-text passwords so they cannot be phished. Credential Injection is one such technique, and it has become a major feature of privileged access management.
- Haphazard granting of admin rights
IT helpdesks now find themselves overwhelmed. They can therefore be tempted to allow employees more rights than would normally be tolerated, simply to reduce ticket volumes. But control of the assignment, configuration and use of administrative rights is the foundation of security best practice. Endpoint privilege management solutions can implement least privilege without compromising end users’ productivity.
- The “insider” factor
Acting or former employees, contractors, or partners can all be weak links in a security posture. From errors to malicious acts, organizations must protect themselves from within by implementing least privilege and rotating privileged credentials, as well as tracking employment lifecycles from onboarding to offboarding. Privileged password management solutions are available to help. They monitor everything to do with passwords and automate their rotation.
- Too much confidence in employees
Even the best trained employee can fall for a social-engineering technique if it is sufficiently sophisticated, so it pays to never rely totally on the discerning nature of the workforce. Fortunately, some security solutions can mitigate harm even if an unwitting user has clicked on the wrong link. Such solutions work by removing access from individual users before the compromised account can do harm.
- Under-resourced IT
“Streamlined” budgets and ill-equipped IT teams do not sit well beside an explosion in service tickets. Remote workers, confused managers, demanding developers, and others will place strain on IT. Its place in the modern enterprise requires its empowerment. Secure remote access tools are VPN-less and efficient. Together with endpoint privilege management solutions they deliver a secure means of managing burgeoning IT workloads.
Say ‘hello’ to PAM
In general, all the perils regional organizations face can be addressed through Privileged Access Management (PAM), a suite of strategies and technologies that put management teams back in control of their technology stack. Permissions for users, accounts, processes, and systems must be properly governed to avert data theft, downtime, and a range of other costly outcomes.
PAM shrinks the attack surface and provides flexibility for teams of all disciplines. It helps disrupt attacks and brings back confidence in the technology suite, leading to more effectiveness in its use and more productivity and innovation across the business.