Abuse of Privileges

Privilege abuse is the fraudulent practice of using an account with additional privileges, also known as a privileged account, to access, exploit, or damage confidential business entities. By impersonating privileged users, attackers hide from the security defenses and maintain a persistent presence because it’s not unusual for privileged users to access your organization’s most sensitive resources.

Privilege abuse is the direct result of poor access control:  Users have more access rights than they need to do their jobs, and the organization fails to properly monitor the activity of privileged accounts and establish appropriate controls.

Privileged accounts are a gateway to critical systems and data. Abuse of these powerful accounts can lead to the loss of sensitive data and business intelligence, as well as downtime of systems and applications essential for business operations.

Privilege abuse can be difficult to detect because many indicators of privilege abuse seem typical behavior for privileged accounts.

Common Challenges Related to Privileged Accounts

1. Proliferation of Shared IDs - Employees at some times need to be given additional privileges to perform functions beyond their normal responsibilities. In these situations, organizations might allow privileged users to share one or more common user IDs. This approach is undesirable because it leads to the proliferation of shared IDs, making it difficult to attribute a particular action to a specific individual.

2. Third-Party Access – Third parties play an increasingly important role in an organization’s IT ecosystem. However, many third parties may not be as secure as the organizations to which they provide services, making them prime entry points for attackers. It is especially important to monitor the activities of third-party vendors if they have access to critical IT systems.

3. Meeting Compliance Obligations - It is critical for organizations to enforce compliance to industry regulations.

4. Privilege Creep - Privilege creep is the phenomenon by which employees accumulate high levels of access to IT infrastructure, some of which they are not entitled to have. It occurs when employees obtain login privileges for new systems while retaining access to old ones, even as they change roles and move across the organization. It is important to correlate current permissions and roles with the actual business needs of privileged users on a regular basis.

The principles of Privileged Access Management are generally:

• Ensure that only those users who absolutely need access to a given set of privileges on desktops and servers have those privileges, and only for those systems for which they have a need.
• Ensure that privileged access is only used when it’s needed and “un-granted” when it’s no longer required.
• Centrally manage privileged access such that access can be granted and revoked quickly.
• Ensure that there is an audit trail for any privileged operation.