Minimizing Permissions to Improve Cybersecurity
Admittedly, this can present a challenge in workload and regarding pleasing your end users. The requirement for some users to have multiple accounts increases the burden on the security team for account management. It can also interrupt workflow for users with multiple accounts due to the need to switch accounts as they perform privileged and unprivileged actions.
This decreased efficiency often leads employees and organizations to ignoring these principles in favor of productivity. However, failing to properly implement these practices can dramatically increase the probability that an organization will be the victim of a significant cybersecurity incident.
When creating user accounts on a network or computer system, it’s important to observe the principles of least privilege and account separation. This article explains why going to the extra effort and facing the challenge of minimizing permissions is worth the resulting lowered exposure to cyberattacks.
Minimizing Permissions with Least Privilege and Account Separation
Failing to observe the principles of least privilege and account separation is one of the most common and damaging ways that organizations and employees jeopardize their organizational cybersecurity. This can endanger the enterprise by putting these more powerful and dangerous accounts at risk of being compromised through common attack vectors.
What is Least Privilege
In general, enabling a particular user account to perform more than its bare minimum duties is a risky decision from a security context. Whether it’s a benign user acting out of ignorance or a threat actor performing a deliberate attack, a user with access to unnecessarily elevated privileges has the potential to cause significant harm to an organization’s computational resources.
The principle of least privilege states that an account should have only the minimum level of access necessary for the user to perform the duties necessary for the account.
For example, a computer user whose job duties only require the ability to use the Internet and productivity tools like Microsoft Office or similar products does not require Administrator privileges on their computer. By implementing least privilege for this account, the probability of a major cybersecurity incident occurring is decreased since the potential impact that the user can have on the system is minimized.
What is Account Separation
The principle of account separation complements the principle of least privilege. It acknowledges that there are circumstances in which a user may require elevated privileges to perform certain job duties and states that a separate account with elevated privileges should be created to perform those duties and only those duties.
For example, a system administrator has a legitimate need for elevated permissions on devices under their care. This employee should have two accounts: one with limited permissions and one with elevated permissions. When performing tasks that do not require elevated permissions (web browsing, email, document editing, etc.), the limited account should be used. Only in the cases where elevated permissions are required for a task should the more powerful account be used and only for those tasks that require it. This separation insulates (as much as possible) the elevated account from compromise due to threats arising from daily operations.
How Hackers Exploit Excessive Permissions
The vast majority of successful enterprise cyberattacks are based on social engineering. More specifically, spear phishing attacks, in which the end user is specifically targeted by the attacker, are some of the most effective ways to compromise enterprise cybersecurity defenses. These phishing attacks exploit users performing a risky action which requires no elevated permissions: Reading their email.
If an attacker compromises an unprivileged account on a well-managed system, the amount of damage the hacker can do is limited. If no vulnerabilities allow a privilege escalation attack and the system does not provide the ability to pivot to a more valuable system, the impact of the intrusion may be limited to theft or loss of any data available to that specific account on that system.
If, on the other hand, the attacker compromises a privileged account on the system, the potential for harm is significantly greater. Privileged accounts may allow the attacker to steal credential information for other accounts on the system, potentially allowing them to be used to further the attack.
Elevated privileges allow the attacker to compromise the entire system and possibly spread the attack across the network in a way not possible with a limited account.
Practicing Good Privilege Management
A strong organizational privilege management solution is essential to protecting an organization against significant cyberattacks. By separating accounts with elevated privileges from the most common attack vectors, it is possible to dramatically reduce the impact of a cybersecurity incident.
By developing a strategy to achieve employee buy-in and implementing solutions to minimize the impacts of account separation and least privilege on employee workflows, an organization can dramatically improve its cybersecurity posture.
Minimizing permissions is one of many information security considerations you should take to protect your systems. Sword & Shield offers virtual security and compliance consultant (vSCC) services to provide senior level expertise without the effort and expense of hiring additional full-time staff. Learn more about our vSCC services and request a consultation.