Privileged Access Management: cyber attacks still operate primarily on the premise that a logged-in user has privileged access to their workstation or laptop. This has never changed, despite platform providers ‘improving’ their security models over time.
From phishing to ransomware, the majority of attacks today rely on the user having sufficient privilege to access an administrative credential on their computer, or sufficient access to that machine or the network for malware to change files and device configuration and then move laterally across the network, looking for a way to establish persistence and eventually steal what the attackers set out to take.
In the 00’s we in IT gave end users administrative access to their own workstations; it simplified application installs, kept everyone happy and meant that desktop support was kept busy recovering accidentally deleted files!
During this time I saw:
- SQL Slammer
Cyber crime was around in the 00’s and it was crippling to a business when it struck, but these attacks were designed to cause a commotion that would bring notoriety to the author – not theft, as is the case today.
Roll on to 2018…
In a much more enlightened and cyber-aware 2018, we must surely have taken away those local privileges. They are no longer needed for application installs or for access to configuration items through the Control Panel (Microsoft) or System Preferences (macOS) (well, except if one wants to change the date/time!), and users don’t need to be able to add a printer when they take their laptop home. But what if the end user is a developer, or a systems administrator with Domain Admin credentials and AWS certs on their laptop?
The Australian Signals Directorate’s Essential 8 recommends removing or restricting privileged access to endpoints as one of the most important cyber resilience measures your organisation can undertake, and for good reason.
This is the problem with local privileged access rights in today’s businesses.
Considering the usefulness to a cyber attacker of a local ‘god’ account, when is the right time to remove local admin rights and find an alternative least-privilege install model, so that when a cyber attack happens the damage is reduced and contained?
If you would like to know more about the above then contact me. If you just want to evaluate a method for managing ‘Least Privilege’ on your workstations (Windows and macOS) then click on the following link:
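Before removing local admin rights you need to know who actually holds them. The following PowerShell script is an added example, not code from the original post or from any product it refers to: it audits the local Administrators group on a Windows workstation against an allow-list and reports anything unexpected. The allow-list entries (the built-in Administrator account and a placeholder `CONTOSO\Domain Admins` group) are assumptions to be replaced with your own; the script only reads group membership and the optional removal line is left commented out.

```powershell
# Added example (not from the original post): audit local Administrators
# membership on a Windows workstation and report members that are not on
# an approved list. Run in an elevated PowerShell session; uses the
# built-in Microsoft.PowerShell.LocalAccounts module (Windows 10 / Server 2016+).

# Assumed allow-list: adjust to your environment.
$Approved = @(
    "$env:COMPUTERNAME\Administrator",   # built-in local admin (rename/disable per policy)
    'CONTOSO\Domain Admins'              # placeholder domain group; replace with your own
)

function Get-UnapprovedLocalAdmins {
    param([string[]]$AllowList)
    # Get-LocalGroupMember returns every principal (user or group) that is a
    # direct member of the local Administrators group, Name in DOMAIN\Name form.
    $members = Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop
    foreach ($m in $members) {
        if ($AllowList -notcontains $m.Name) {
            [pscustomobject]@{
                Computer        = $env:COMPUTERNAME
                Member          = $m.Name
                ObjectClass     = $m.ObjectClass      # User or Group
                PrincipalSource = $m.PrincipalSource  # Local, ActiveDirectory, AzureAD, MicrosoftAccount
            }
        }
    }
}

$findings = Get-UnapprovedLocalAdmins -AllowList $Approved
if ($findings) {
    Write-Warning "Unapproved members of local Administrators on ${env:COMPUTERNAME}:"
    $findings | Format-Table -AutoSize
    # Optional remediation, commented out so the audit is read-only by default:
    # $findings | ForEach-Object { Remove-LocalGroupMember -Group 'Administrators' -Member $_.Member }
} else {
    Write-Output "Local Administrators group on ${env:COMPUTERNAME} matches the approved list."
}
```

Run it from a management tool or scheduled task across your fleet and collect the output centrally; a user account appearing with `PrincipalSource` of `Local` or `MicrosoftAccount` is the typical sign that someone has been granted (or granted themselves) the standing local admin rights the post argues should no longer exist.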