Privilege abuse is the fraudulent practice of using an account with additional privileges, also known as a privileged account, to access, exploit, or damage confidential business entities. By impersonating privileged users, attackers hide from security defenses and maintain a persistent presence, because it is not unusual for privileged users to access your organization’s most sensitive resources.
Privilege abuse is the direct result of poor access control: users have more access rights than they need to do their jobs, and the organization fails to properly monitor the activity of privileged accounts and establish appropriate controls.
Privileged accounts are a gateway to critical systems and data. Abuse of these powerful accounts can lead to the loss of sensitive data and business intelligence, as well as downtime of systems and applications essential for business operations.
Privilege abuse can be difficult to detect because many indicators of privilege abuse look like typical behavior for privileged accounts.
Common Challenges Related to Privileged Accounts
1. Proliferation of Shared IDs - Employees sometimes need to be given additional privileges to perform functions beyond their normal responsibilities. In these situations, organizations might allow privileged users to share one or more common user IDs. This approach is undesirable because it leads to the proliferation of shared IDs, making it difficult to attribute a particular action to a specific individual.
2. Third-Party Access - Third parties play an increasingly important role in an organization’s IT ecosystem. However, many third parties may not be as secure as the organizations to which they provide services, making them prime entry points for attackers. It is especially important to monitor the activities of third-party vendors if they have access to critical IT systems.
3. Meeting Compliance Obligations - It is critical for organizations to enforce compliance with industry regulations.
4. Privilege Creep - Privilege creep is the phenomenon by which employees accumulate high levels of access to IT infrastructure, some of which they are not entitled to have. It occurs when employees obtain login privileges for new systems while retaining access to old ones, even as they change roles and move across the organization. It is important to correlate current permissions and roles with the actual business needs of privileged users on a regular basis.
The principles of Privileged Access Management are generally:
- Ensure that only those users who absolutely need access to a given set of privileges on desktops and servers have those privileges, and only for those systems for which they have a need.
- Ensure that privileged access is only used when it’s needed and “un-granted” when it’s no longer required.
- Centrally manage privileged access such that access can be granted and revoked quickly.
- Ensure that there is an audit trail for any privileged operation.
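
The periodic review described under Privilege Creep, combined with the "un-grant" principle, as an added example that is not part of the original post: it compares each user's grants with a baseline for their current role and flags standing access outside that role as well as temporary grants left in place after expiry. The role names, entitlement strings, users and dates are constructed sample data.

```python
from datetime import date

# Constructed baseline: entitlements each role needs for its job (hypothetical names).
ROLE_BASELINE = {
    "dba": {"db-prod:admin", "db-staging:admin"},
    "helpdesk": {"ad:password-reset", "ticketing:agent"},
    "sysadmin": {"linux-prod:sudo", "backup:operator"},
}

# Constructed grants: (user, current_role, entitlement, expiry or None for standing access).
GRANTS = [
    ("alice", "dba", "db-prod:admin", None),
    ("alice", "dba", "ad:password-reset", None),               # kept from an earlier role
    ("bob", "helpdesk", "ad:password-reset", None),
    ("bob", "helpdesk", "linux-prod:sudo", date(2024, 3, 1)),  # temporary, never revoked
    ("carol", "sysadmin", "linux-prod:sudo", None),
    ("carol", "sysadmin", "db-prod:admin", date(2024, 12, 31)),  # time-boxed, still valid
]

def review_access(grants, baseline, today):
    """Return sorted (user, entitlement, reason) findings for an access review."""
    findings = []
    for user, role, entitlement, expires in grants:
        if expires is not None:
            # Time-boxed elevation is acceptable only until its expiry date.
            if expires < today:
                findings.append((user, entitlement, "expired-not-revoked"))
        elif entitlement not in baseline.get(role, set()):
            # Standing access the current role does not need: privilege creep.
            findings.append((user, entitlement, "standing-outside-role"))
    return sorted(findings)

if __name__ == "__main__":
    for user, entitlement, reason in review_access(GRANTS, ROLE_BASELINE, date(2024, 6, 1)):
        print(f"{user}: {entitlement} -> {reason}")
```

A user whose role is missing from the baseline has every standing grant flagged, which keeps unmapped accounts visible in the review.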