When it comes to protecting data, removing admin rights is one of the most effective methods at an organisation’s disposal. Doing so minimises the likelihood that a successful attack on an individual’s account will be able to effect widespread system changes or install malware.
But many organisations still overlook the fact that restricting user admin rights represents just one cog in the data protection machine. Risks can never be completely removed but, by complementing the removal of admin rights with additional security measures, businesses can go a long way towards reducing the impact of any attacks.
More security means less privilege across the board
In 2017, our Microsoft Vulnerabilities Report showed that 80 per cent of all vulnerabilities in core applications, such as Word, Excel and PowerPoint, can be eliminated by restricting the number of individuals who hold admin rights within an organisation.
Although it is a strong starting point, organisations must view this as a platform to build their data security on, rather than a silver bullet to end all concerns around potential attacks. For example, a default setup of user accounts that hold the lowest possible level of privilege needed for staff to carry out their roles can bolster security by:
- Minimising the parameters of an attack: Attackers will only be able to access areas of a business related to that user’s role, further reducing the type and amount of information they can access.
- Reducing the spread of malicious software: Should an account become compromised, embedded malware will only be able to disseminate across a small part of a network, again minimising an attacker’s impact.
- Reducing insider threat: Attacks can originate from inside an organisation through aggrieved employees. By creating an environment of least privilege, businesses can reduce these users’ access solely to the data and systems pertinent to their roles, again enhancing data protection.
- Increasing network stability: Unsolicited changes can be identified more quickly and easily when the scope of systems and files affected is reduced, giving organisations a timely advantage when it comes to resolving them.
The advantages of least privilege adoption are seen most prominently when an organisation suffers a successful assault on its systems. Although it is often only then that an organisation is able to appreciate the benefits of this approach, being prepared for this situation is invaluable. Under least privilege adoption, attackers that breach a company’s outer defences will find that they are granted a significantly reduced level of access to its data and systems.
Layering your security with application control
To better defend themselves against malicious attacks, organisations should be actively introducing application control. This important additional layer of security makes certain that unauthorised applications are unable to execute in a way that compromises the security of data.
Application control is managed through whitelisting and blacklisting of all applications, ensuring administrators have full visibility and control over their IT systems. The advantages of application control include gaining the ability to:
- Monitor and adjust applications within a network: Provides a clear and complete picture of all active and inactive applications and systems.
- Prevent unauthorised execution: Only authorised applications can execute. Any application that is not approved on a whitelist is automatically prevented from executing.
- Better understand data traffic: Companies operating application control can more easily monitor the flow of data within their systems, providing details on users’ access requirements and activities.
- Improve network stability: By limiting the extent to which changes can be made, administrators can promote greater stability and better mitigate adverse changes.
- Protect against known exploits: Vulnerabilities in unpatched operating systems and third-party applications can be reduced.
By controlling applications in this way, businesses can reduce their vulnerability to attacks by gaining more control and visibility over the way in which their systems interconnect with applications. As a result, they also gain greater visibility over the transfer of data throughout their organisation.
Those that are committed to developing stronger safeguards against cyber threats shouldn’t rely on just one method to keep their data safe. Instead, they should proactively combine methods to bolster the security setup of their business and reduce the risk of damaging data breaches as a result.
About the author: Andrew has been a fundamental part of the Avecto story since its inception in 2008. As COO, Andrew is responsible for Avecto’s end-to-end customer journey, leading the global consultancy divisions of pre-sales, post sales and training, as well as customer success, support and IT.
Source: infosec island