We’re all guilty of it. Finder.com estimates that Americans spend nearly two hours a day shopping online while at work, presumably using work machines. Whether scoping out springtime sales or putting that tax refund to use, this habit effectively makes each bargain-hunting employee a potential insider threat to their organization.
The hard reality is corporate workstations typically aren’t isolated devices, but rather gateways to lucrative data and assets like intellectual property, sensitive PII for millions of employees or customers, access to partner or third-party networks, and the ability to hold an organization or city ransom. This latter threat, tied to ransomware, was the fastest growing form of attack affecting businesses in 2019 according to Accenture, up 21% from 2018. It’s also one of the top three threats faced by 59% of respondents who participated in the 2019 Global Advanced Threat Landscape survey, all of whom were security professionals.
Unfortunately, standard security protections put in place by many organizations aren’t always enough to stop ransomware attacks, which can be delivered via simple phishing emails that easily slip by anti-virus and firewall tools. Once inside a corporate network, these attacks almost always follow the path of least resistance, targeting privileged credentials that can be exploited to escalate access and move laterally through the network until the ultimate target is reached.
So how can security teams safeguard against potential insider threats? Implementing least privilege policies on corporate workstation is an extremely effective way of stopping an attack from spreading elsewhere in the network.
Ramping up on Least Privilege Practices
In that same Advanced Threat Landscape survey, only 27% of respondents said that their organizations were planning to introduce “least privilege” security on infrastructure that runs their business-critical applications. Only 27%. That’s a big problem. Insider threats – whether accidental or malicious – account for roughly a quarter (28%) of all data breaches and are often the most costly and difficult to detect. There are several reasons for this, but the most important one is simply that these “trusted users” have access to sensitive information and can often legitimately bypass security measures without raising red flags, making them an ideal target for attackers.
To ramp up least privilege practices, and overall protection against the dangers of online shopping at work, organizations can home in on a few core practices:
- Automatically determine what applications are trusted by the organization, identify what privileges are required by each of these applications, and create policies based on these trusts to save valuable IT time and effort.
- Enable trusted applications to seamlessly run in the environment while automatically blocking malicious applications and restricting privileges for unknown applications. Optionally enforce strict whitelist policies where needed.
- Remove local administrator rights from business users, but enable seamless privilege elevation, based on policy, to keep users productive without increasing the attack surface.
- Utilize tools to automatically detect and block attempts to steal credentials that would enable attackers to elevate privileges as they move through the network looking for sensitive information.
While ideally employees should not be online shopping at work, it must be assumed that someone, somewhere may not be able to resist the deal of a lifetime while on the clock, which could ultimately land them and their organization in hot water. Locking down privileged credentials on workstations is a crucial, but often deprioritized, step in preventing a devastating attack from gaining a foothold on the network.
EMEA Technical Director
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.