SecurityWeek


Excessive User Privileges Challenges Enterprise Security: Survey

It is no secret that enterprises sometimes have trouble keeping a handle on privileged users. In the wrong hands, excessive privileges can lead to data breaches and sleepless nights for IT.

According to a survey from security firm BeyondTrust, which focuses on privilege management issues, more than 47 percent of the 728 survey participants said users in their organizations have elevated privileges not necessary for their roles. Twenty percent reported that more than three-quarters of their user base run as administrators. In addition, 33 percent said their organizations had no policies for privileged password management.

“The majority of users do not typically require the ability to install their own software or make changes to system properties,” according to the report. “Providing them with this ability can lead to, at a minimum, inadvertent errors and increased demand on internal IT help desks. Worse, it provides opportunities for malicious employees, or attackers who have compromised employee credentials, to steal sensitive information or disrupt network operations.”

The survey – dubbed ‘Privilege Gone Wild 2’ – backs the findings of a report from the Independent Oracle Users Group in which 54 percent of respondents reported that abuse of privileges by IT staff was among the top threats to enterprise data. A separate study by research company Ovum found that 59 percent of the U.S. businesses surveyed felt privileged users posed a threat to their organization.

Brad Hibbert, CTO of BeyondTrust, listed three reasons employees end up with excessive privileges. First, it makes life easier.

“Granting users full admin rights on desktops / servers ensures that they can perform their job tasks without the pushback,” he told SecurityWeek. “Of course this is somewhat short-sighted as this approach raises security concerns and can also impact longer term operational costs as the help desk is engaged to troubleshoot and address issues including misconfigurations, malware and unlicensed software.”

The other two reasons are a lack of oversight as employees move from job function to job function and a lack of “native delegation capabilities” of the operating systems being used, he said.

Seventy-nine percent of respondents in the BeyondTrust study indicated they felt employees are somewhat likely to very likely to access sensitive or confidential data out of curiosity.

“A regular review by managers and supervisors of their employees’ access rights will help reduce permission bloat and users having access to unnecessary systems,” said Hibbert. “Access reviews can be performed as needed or scheduled to occur periodically – for example, every calendar quarter, enabling you to conduct periodic access reviews to maintain the correct level of user privileges. The review schedule will depend on the sensitivity of the access and effort in performing the review. It could range from weekly to quarterly to yearly.”

“One approach that enables more frequent reviews is performing delta attestation analysis between full-attestation reviews,” he continued. “That is, ‘show me how access has changed since the last review.’ This result enables more frequent reviews on a smaller subset of entitlements.”
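
The delta attestation Hibbert describes can be sketched as a comparison of two entitlement snapshots, with new privileged grants sorted to the top of the review queue. This is an added example, not code from BeyondTrust or the original article; the snapshot format, user names, entitlement strings and privileged prefixes are constructed assumptions.

```python
from typing import NamedTuple

# Constructed snapshots: user -> entitlements recorded at each review.
LAST_REVIEW = {
    "alice": {"crm:read", "hr-share:read"},
    "bob": {"crm:read", "local-admin:WS-0142"},
    "carol": {"finance-db:read"},
}
CURRENT = {
    "alice": {"crm:read", "hr-share:read", "finance-db:read"},  # changed role, kept old access
    "bob": {"crm:read"},                                        # admin right removed
    "dave": {"crm:read", "domain-admin"},                       # account created since last review
}
# Assumption: entitlement prefixes this organisation treats as privileged.
PRIVILEGED_PREFIXES = ("local-admin", "domain-admin")


class Change(NamedTuple):
    user: str
    entitlement: str
    action: str       # "granted" or "revoked"
    privileged: bool


def is_privileged(entitlement):
    return entitlement.startswith(PRIVILEGED_PREFIXES)


def delta_attestation(previous, current):
    """Return every entitlement change since the previous review,
    ordered: privileged grants, other grants, then revocations."""
    changes = []
    for user in sorted(set(previous) | set(current)):
        before = previous.get(user, set())   # empty for accounts created since
        after = current.get(user, set())     # empty for accounts removed since
        for ent in sorted(after - before):
            changes.append(Change(user, ent, "granted", is_privileged(ent)))
        for ent in sorted(before - after):
            changes.append(Change(user, ent, "revoked", is_privileged(ent)))
    # Stable sort keeps the per-user ordering inside each group.
    changes.sort(key=lambda c: (c.action != "granted", not c.privileged))
    return changes


if __name__ == "__main__":
    for c in delta_attestation(LAST_REVIEW, CURRENT):
        flag = " [PRIVILEGED]" if c.privileged else ""
        print(f"{c.action:8} {c.user:6} {c.entitlement}{flag}")
```

Unchanged entitlements never appear in the output, so they still depend on the periodic full attestation for review.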

 
