It is a new world in which the old concept of a network perimeter no longer applies. With remote workers logging in from anywhere, on any device, identity is the only remaining basis for authenticating users. While this gives users an easy way to access systems, in the hands of malicious actors it becomes extremely dangerous. In the remote working scenario the impact of a compromised identity is amplified, because the home or remote user is often granted additional rights, sometimes equivalent to those of a privileged user. Unlike the office environment, where identity was protected within a confined perimeter, remote workers have no such protection.
Once a standard user is given some type of privileged account, he or she has administrative rights on the desktops or systems they use. This exposes the organization to a huge number of risks. If standard users are assigned privileged rights, they can by mistake make modifications to data without understanding or realising the consequences. In some cases, hackers may get hold of the credentials of privileged accounts and use them to move across the organization undetected. Once hackers gain entry, they are difficult to track, because privileged accounts already hold the required rights, and hence any malicious action is difficult to detect. A case in point is the recent SolarWinds attack, where hackers used privileged access to move undetected.
Unsecured devices are another big vulnerability in the home environment. It is common for households to use the same official laptop or mobile for logging in to online school classes. If the same systems are shared, the risk of data leakage increases. A family member may not be as aware as an employee of the dangers of clicking on a phishing e-mail. And if someone does use an official laptop and clicks on a malicious e-mail, a hacker can take advantage of the situation and install malware on that desktop or laptop. This can then be used for malicious purposes such as installing ransomware, staging further attacks or simply stealing valuable information. Worse, with powerful credentials, hackers can even bypass security controls and turn off monitoring systems.
Mitigating the risks of remote working
In the current IT landscape, monitoring of privileged accounts is an absolute necessity and is considered more important than access and identity management. Enterprises must hence follow a holistic process for mitigating the risks from privileged accounts. Most remote users have administrative account access, which can create huge security issues. This risk can be mitigated by removing local administrative rights. It is also critical to apply least privilege: give employees only the basic access they require to perform their work. Only trusted applications must be allowed to be installed.
A privileged access management solution can be used to reduce these risks. For instance, given today’s complex landscape, a privileged access management solution can automatically discover and onboard privileged credentials and secrets used by human and non-human identities. It is important to include machines, bots and applications too, since in a typical enterprise today the machines and bots also hold privileged access. It is hence imperative to manage all identities under a central console.
With a privileged access management system, enterprises can monitor where privileged access exists and at what layer, understand who has access, and detect and alert on any malicious activity. Centralized policy management allows administrators to set policies for password complexity and the frequency of password rotation, and to determine which types of user are granted access. Automated password rotation helps strengthen security while eliminating time-intensive, manual processes for the IT teams. Similarly, compliance can be maintained with the help of recorded key events and audit trails. This can be reinforced with another layer of security by using context-aware multi-factor authentication solutions. The security challenges posed by remote working practices can be mitigated with a comprehensive privileged account management strategy that ensures only legitimate users have access rights.
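The two preceding sections list the controls a privileged account management strategy should enforce: no unapproved local administrator rights, credentials rotated on a fixed schedule, and audit trails that raise an alert when monitoring is tampered with or an unapproved user opens a privileged session. The script below is an added example, not code from any PAM product or from the original article; the policy values, host names, account names and audit events are all constructed for illustration, and the inventory and vault records stand in for whatever a real central console would export.

```python
"""
Privileged-account review checks: least privilege, rotation policy, audit alerts.
Added example with constructed data; not a real PAM product's code.
"""
from datetime import datetime
import json

# Constructed policy (hypothetical values): maximum credential age and the set of
# identities that are approved to hold privileged rights.
POLICY = {
    "max_password_age_days": 30,
    "approved_privileged_users": {"it-admin-01", "break-glass"},
}

# Constructed endpoint inventory: members of each device's local administrators group.
INVENTORY = [
    {"host": "LT-FIN-007", "local_admins": ["it-admin-01", "jdoe"]},
    {"host": "LT-HR-012", "local_admins": ["break-glass"]},
]

# Constructed vault records: when each privileged credential was last rotated.
VAULT = [
    {"account": "svc-backup", "last_rotated": "2021-01-02T08:00:00"},
    {"account": "domain-admin", "last_rotated": "2021-03-10T08:00:00"},
]

# Constructed audit trail: key events recorded by the PAM system.
AUDIT = [
    {"ts": "2021-03-12T02:14:00", "actor": "jdoe", "host": "LT-FIN-007",
     "action": "privileged_session_start"},
    {"ts": "2021-03-12T02:20:00", "actor": "jdoe", "host": "LT-FIN-007",
     "action": "monitoring_agent_stopped"},
    {"ts": "2021-03-12T10:00:00", "actor": "it-admin-01", "host": "LT-HR-012",
     "action": "privileged_session_start"},
]

# Constructed review date, used so the rotation check is deterministic.
REVIEW_DATE = datetime(2021, 3, 15)


def excess_local_admins(inventory, policy):
    """Least privilege: (host, user) pairs holding local admin rights without approval."""
    approved = policy["approved_privileged_users"]
    return [(h["host"], u) for h in inventory
            for u in h["local_admins"] if u not in approved]


def stale_credentials(vault, policy, now):
    """Rotation policy: vaulted accounts whose credential is older than allowed."""
    limit = policy["max_password_age_days"]
    return [r["account"] for r in vault
            if (now - datetime.fromisoformat(r["last_rotated"])).days > limit]


def alert_events(audit, policy):
    """Audit trail: events that should alert, as (timestamp, host, reason) tuples."""
    approved = policy["approved_privileged_users"]
    alerts = []
    for e in audit:
        if e["action"] == "monitoring_agent_stopped":
            # Turning off monitoring is always suspicious, whoever does it.
            alerts.append((e["ts"], e["host"], "monitoring disabled by " + e["actor"]))
        elif e["action"] == "privileged_session_start" and e["actor"] not in approved:
            alerts.append((e["ts"], e["host"],
                           "privileged session by unapproved user " + e["actor"]))
    return alerts


def review(now=REVIEW_DATE, inventory=INVENTORY, vault=VAULT,
           audit=AUDIT, policy=POLICY):
    """Run all three checks and return the findings as one report."""
    return {
        "excess_admins": excess_local_admins(inventory, policy),
        "stale_credentials": stale_credentials(vault, policy, now),
        "alerts": alert_events(audit, policy),
    }


if __name__ == "__main__":
    print(json.dumps(review(), indent=2))
```

Each check maps to one control in the text: the first finds where local administrator rights should be removed, the second enforces the rotation frequency set in central policy, and the third turns recorded key events into alerts. In practice the inventory, vault and audit inputs would come from the PAM console's exports rather than from inline constants.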
Today, identity is the only perimeter, and this fact has profound implications for the design of security policies. Where privilege once belonged to a select few groups of users (system administrators or network administrators), today any user (customer, supplier, third-party vendor, employee) can become privileged under certain conditions. As can be seen from the huge number of data breaches, hackers today do not even need a privileged account to gain entry. All they need is an ‘identity’, typically obtained through social engineering techniques and phishing e-mails. Once they have that identity and its username and password, they start moving stealthily through the company’s network and try to unlock further levels of access. Layer by layer, identities are compromised and privileges assigned. This continues until the hackers reach their ultimate objective, which could be the company’s intellectual property or a database of customers. It is then up to the attacker either to encrypt your data using ransomware or simply to leak the database into the open. From Twitter to the recent SolarWinds attack, all major hacking incidents have involved the manipulation of privileged access. The scale and complexity of threats make it abundantly clear that identity is the new fortress and has to be defended using a zero-trust approach, where access is granted on the principle of least privilege.