Did you know that two of the most infamous data breaches on record, at Home Depot and Target, occurred due to a compromise of their network credentials? In both cases, hackers used privileged accounts to reach critical business data, which in turn gave them access to volumes of credit/debit card data.

 

What are Privileged Accounts?

Privileged accounts are accounts with elevated access permissions that allow only certain account owners to access the most restricted areas of the system and execute select tasks. For example, privileged account users can perform tasks such as installing software, resetting passwords, and making other system changes.

The principle of "least privilege" (PoLP) refers to the concept that any process, program, or user should only be provided with the bare minimum privileges (access or permissions) needed to perform a function. So, for example, if a user account has specifically been created for accessing database records, that user should not also have admin rights. Also, not everyone on your staff needs access to HR or accounting information.

Here is all you need to know about the concept of least privilege:

Managing Access Levels: In most cases, privileges are assigned based on role-based attributes such as the business unit, time of day, seniority, and other special circumstances. Some examples of role-based privileges include:

  • Least privileged user accounts: standard user accounts that operate with a limited set of privileges. Most of your users should be operating under these accounts.
  • Superuser accounts: essentially admin accounts used by specialized IT users, often with unlimited privileges. In addition to the read/write/execute privileges, these accounts have the permission to execute systemic changes in your IT network. These privileged accounts offer the highest level of access to the system and are prime hacker targets.
  • Guest user accounts: accounts created on a situational basis that often have the least number of privileges, lower than standard user accounts.

What is a "Zero-Trust Framework"?

According to PoLP, organizations should avoid blindly trusting anything in or outside their network and verify everything before granting access permissions. There are certain best practices that you must follow to implement PoLP in your security policies efficiently:

  1. Conduct a privilege audit for all your existing programs, processes, and user accounts to ensure they have only the bare minimum permissions required to do their jobs.
  2. Start all your user accounts with privileges set to the lowest possible level. Implement least privilege as the default for all your existing and new user accounts, applications, and systems.
  3. Keep track of all the activity on your network, including access requests, systems changes, and individual logins. Having a comprehensive understanding of who is operating on your network is critical to controlling who can access what.
  4. Maintain a Security Awareness Training regimen and monitoring management platform that allows flexibility to elevate and downgrade privileged credentials securely.
  5. Audit, audit, audit! Conduct regular audits to check if there are any old accounts, users, or processes that have accumulated privileges over time and analyze whether or not the elevated privileges are still relevant.
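
The privilege audit in steps 1 and 5 above can be sketched as follows. This is an added example, not code from Meeting Tree Computer; the role baselines, account inventory, audit date, and the 90-day staleness threshold are all constructed assumptions for illustration.

```python
from datetime import date

# Hypothetical role baselines (assumption): the minimum privileges each role needs.
ROLE_BASELINE = {
    "guest": set(),
    "standard": {"read"},
    "db_reader": {"read", "db_query"},
    "superuser": {"read", "write", "execute", "install_software", "reset_passwords"},
}
AUDIT_DATE = date(2024, 6, 1)  # constructed "today" so the result is reproducible

# Constructed sample inventory: (name, role, granted privileges, last login).
ACCOUNTS = [
    ("alice", "standard", {"read"}, date(2024, 5, 28)),
    ("svc_reports", "db_reader", {"read", "db_query", "reset_passwords"}, date(2024, 5, 30)),
    ("vendor_portal", "guest", {"read", "write"}, date(2023, 11, 2)),
    ("bob_admin", "superuser", {"read", "write", "execute", "install_software"}, date(2024, 1, 15)),
    ("temp_intern", "contractor", {"read"}, date(2024, 5, 1)),
]

def audit(accounts, baseline, today, stale_after_days=90):
    """Return (account, finding, detail) tuples for every least-privilege violation."""
    findings = []
    for name, role, granted, last_login in accounts:
        allowed = baseline.get(role)
        if allowed is None:
            # No baseline for this role: deny by default and flag every grant.
            findings.append((name, "unknown_role", sorted(granted)))
            continue
        excess = granted - allowed  # privileges beyond what the role needs
        if excess:
            findings.append((name, "excess_privileges", sorted(excess)))
        idle_days = (today - last_login).days
        if idle_days > stale_after_days:
            findings.append((name, "stale_account", idle_days))
    return findings

def remediated_grants(accounts, baseline):
    """Grants each account keeps after trimming to its role baseline (unknown role keeps none)."""
    return {name: granted & baseline.get(role, set()) for name, role, granted, _ in accounts}

if __name__ == "__main__":
    for finding in audit(ACCOUNTS, ROLE_BASELINE, AUDIT_DATE):
        print(finding)
```

The empty guest baseline is checked with `is None` rather than truthiness, so a role that is allowed nothing is still treated as a known role and every grant on it is reported as excess.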

Failing to implement a Zero-Trust Framework can have devastating consequences.

The Home Depot and Target breaches both started with stolen vendor logon credentials. The exploitation of existing network vulnerabilities allowed the attackers to gain further access. As all of this went unnoticed for months, installation of memory-scraping malware became a breeze, and the hackers ended up walking away with information on millions of credit and debit cards, as well as email addresses. The stolen payment cards were put up for sale on the Dark Web, and the email addresses were used to put together extensive phishing campaigns (for more information, see Case Study: The Home Depot Data Breach, BestAcademicExperts.com).

For any organization, data is a valuable asset that has to be protected at all costs.

Sensitive information, such as cardholder data, social security numbers, client email addresses, and medical data, should be stored wisely and protected from random access. Separating environments and enforcing their security with regular auditing for access and changes goes a long way in minimizing the impact a cyber attack can have on your business.

Contact us now at 845-237-2117 to see how you can implement and leverage the powerful capabilities of PoLP.

 Meeting Tree Computer is a complete technology solution provider and the leading IT Support and Managed Service Provider for businesses in Orange County, NY, and surrounding areas.