How to ensure the security of privileged users
Any employee in any company, without exception, can fall victim to a cyberattack. Cybercriminals target everyone from the "big fish" like CEOs and other members of upper management, to junior professionals – and can even engineer an invasion through the privilege escalation method. However... things are much easier for the bad guys if they can compromise an account with higher levels of privilege from the outset, right?
In terms of networks and computer systems, "privileged user" refers to an individual whose account (i.e. credentials) are configured to be able to apply drastic and profound changes to that environment. This includes accessing restricted documents, deleting files, saving documents, changing settings, and so on. As the name implies, the higher the privilege, the more changes are possible.
And that’s what makes this user the perfect target for cybercriminals. After all, if a malicious actor manages to compromise the credentials of a privileged user, they can navigate the computing environment with the same level of privilege, while free to steal an even greater amount of information, open doors for future attacks, install malicious scripts, delete entire databases, and even edit logs to exit the system in question without a trace.
Each to their own
While all employees must be dedicated to cybersecurity and adhere to good digital data protection practices, privileged users require additional shielding. Fortunately, by following a few tips, you can reduce the risks and impacts in the event of an attempt to compromise a high-privilege account. It is worth noting that the user and the cybersecurity team need to work together to do this.
First of all, administrators need to differentiate between the concepts of "privilege" and "duty”. There’s no problem having several privileged users in your environment, but according to their professional role, it makes sense to set which functions each can perform to complete their tasks: read, edit, delete, execute, and so on. This way, we ensure that the different privileged users only have privileges specific to their occupation on the team.
It is also worth investing in segmenting systems and networks. Let's say the corporation has three servers and five software-as-a-service. Why would a privileged user need high privileges in all these environments when their daily tasks merely require access to documents on the first server and they only use two of the five contracted software? Segmentation prevents an attack from spreading and makes it easier to isolate.
Awareness also helps!
There are many frameworks and automated solutions designed specifically to ensure more effective monitoring of privileged accounts. After all, when it comes to privileged access, one of the biggest problems is a lack of visibility – that is, knowing which individual can do what and where.
Lastly, privileged users must adopt better cybersecurity habits, now more than ever, using strong passwords that are updated periodically, never sharing them, never using unknown USB devices on professional equipment, and so on. These best practices must be reinforced through a good information security awareness program!
