Reducing cyber risk with endpoint privilege management (EPM)

By Graham Hawkey, PAM specialist, Osirium.

Monday, 4th September 2023. Posted by Phil Alsop.

Endpoints – the desktop computers, laptops, tablets and phones employees use to carry out their work – are the backbone of productivity in every organisation. Their criticality ensures they will remain ubiquitous in the workplace for years to come; and the same is true for the cyber criminals seeking to find an open door to the systems they connect to.

Once inside, they can wreak havoc. If a hacker can gain access to an organisation's network or cloud storage via just a single endpoint, they will have a foothold from which they can move laterally to steal data, make changes to apps or servers, or plant malware or ransomware, for example. The impacts can be catastrophic. The Met Police data breach revealed in August, in which personal details of officers were leaked into the public domain, has been attributed to a hacker gaining “unauthorised access” to a supplier’s IT system.

The ‘insider’ threat

Threat actors are continually engineering an increasingly diverse and sophisticated array of exploitation techniques to find weaknesses at the endpoint. It’s often the simple tactics that are most effective, however. A distracted employee clicking on a link in a phishing email, an individual accessing the corporate network over an unsecured wifi connection, or the accidental exposure of privileged credentials can all turn an endpoint into a gateway.

Even the most cyber-savvy employees will slip up now and again, and cybercriminals know this all too well. According to Verizon's Data Breach Investigations Report, human error is a contributing factor in four out of five data breaches, while the World Economic Forum also reports that 95% of cybersecurity issues can be traced to human error.

The privilege problem

These days, cyber attackers prefer logging in to hacking in, and if there’s a way they can get their hands on user credentials, they will. The greatest risk comes from those accounts and credentials that carry privileged access rights.

While a ‘regular’ user may only need to log onto their laptop and complete everyday tasks such as accessing their emails and Microsoft365 apps, special administrator privileges are occasionally required to complete certain tasks, such as installing a new application, updating software, or changing a configuration setting. As more business is digitised, more staff members – and also in some cases third-party vendors – will need to be able to carry out this kind of task.

If privileged credentials fall into the wrong hands, these greater access permissions can be used to hop from a single device to an entire company network where sensitive data can be stolen or deleted, other user credentials found, and software and other components modified.

It is imperative, therefore, that organisations limit the granting of local administrator rights, and allow only the lowest privilege levels the user needs to execute a task. However, this must be done in a way that enables employees to do their jobs effectively.

The truth is that within every organisation, there are too many users that have local admin rights they don’t need on their desktops, laptops and other devices. The simplest solution to the problem would be to strip all of these rights away – but this would have a significant impact on productivity, while at the same time increasing the IT team’s workload.

Control, don’t block

Endpoint Privilege Management (EPM) is an approach to managing uncontrolled access that strikes the balance between defending systems and data against compromise, and allowing employees to get on with their jobs. Instead of elevating a user, which gives them unlimited privileged access, the approach switches focus to elevating the applications and processes. The IT team is able to grant approved users permission to run specific applications with elevated permissions for a limited period of time, to carry out specific actions.

Users can do what they need to do, while IT retains visibility over all actions in case activity needs to be stopped, or incidents need to be investigated at a later date. If permissions need to be granted on an individual basis, for each user and application, IT will be buried under an avalanche of requests – so ideally EPM tools should allow rules and policies to be created and then applied at scale.
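As an added illustration of the "elevate the application, not the user" model described above (example code written for this article, not Osirium's product or any real EPM API): a small rule-based policy evaluator that matches a request against the application and the user's group, time-boxes each grant, denies by default, and records every decision for later investigation. The rules, user names and executable paths are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class ElevationRule:
    """One EPM policy rule: which user group may run which application elevated, and for how long."""
    group: str          # user group the rule applies to, e.g. "helpdesk" (constructed)
    app_path: str       # exact path of the executable that may run elevated
    max_minutes: int    # lifetime of a grant; elevation is time-boxed, never permanent

@dataclass(frozen=True)
class Grant:
    user: str
    app_path: str
    expires_at: datetime

    def valid_at(self, now: datetime) -> bool:
        return now < self.expires_at

class EpmPolicy:
    """Evaluates elevation requests against the rule set and audits every decision, allow or deny."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.audit = []  # one entry per decision, so IT keeps visibility over all actions

    def request_elevation(self, user, groups, app_path, now) -> Optional[Grant]:
        # The rule must name this exact executable and one of the user's groups;
        # the user is never elevated wholesale, and anything unmatched is denied.
        for rule in self.rules:
            if rule.app_path.lower() == app_path.lower() and rule.group in groups:
                grant = Grant(user, app_path, now + timedelta(minutes=rule.max_minutes))
                self.audit.append({"time": now, "user": user, "app": app_path,
                                   "decision": "allow", "rule": rule.group})
                return grant
        self.audit.append({"time": now, "user": user, "app": app_path,
                           "decision": "deny", "rule": None})
        return None

# Constructed sample rule set (not from any real deployment).
RULES = [
    ElevationRule("helpdesk", r"C:\Windows\System32\msiexec.exe", max_minutes=30),
    ElevationRule("netops", r"C:\Program Files\Wireshark\Wireshark.exe", max_minutes=60),
]

def demo():
    """A helpdesk user may run the installer elevated, but not an arbitrary shell."""
    policy = EpmPolicy(RULES)
    t0 = datetime(2023, 9, 4, 9, 0)
    install = policy.request_elevation("alice", {"helpdesk"}, r"C:\Windows\System32\msiexec.exe", t0)
    shell = policy.request_elevation("alice", {"helpdesk"}, r"C:\Windows\System32\cmd.exe", t0)
    return policy, install, shell, t0
```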

Of course, as with all cyber security defences, strength comes from building multiple levels of protection. As more and more business processes are digitised, limiting the potential threats associated with privileged accounts should be one of these layers. Reducing access to elevated privileges using EPM reduces the potential attack surface, while prioritising productivity – ensuring staff can continue to safely access the IT systems, services and data they need to be effective.