Is locking down privilege escalation in 2021 the key to cybersecurity?
By now, you have most likely heard of the SolarWinds Breach. It represents one of the most devastating breaches affecting the U.S. government, easily becoming the Breach of 2020. Further, it raises new questions about the future of cybersecurity, cyber-warfare, and business workflows online.
The deeper we dove into the SolarWinds Breach, the more questions we found. One of the most interesting and most critical involves privilege escalation in 2021. As part of the SolarWinds breach, the hackers responsible initially granted themselves powerful permissions in the SolarWinds Orion software.
These privileges, once gained, enabled the hackers to establish their nefarious backdoors and lateral movements, causing the true damage of the breach. Yet the foundation of the attack builds on privilege escalation.
Here’s why privilege escalation could devastate your business in 2021, and why locking privileges down matters now more than ever.
What is Privilege Escalation in 2021?
Privilege escalation is a nefarious action that both external and internal actors could undertake. As you probably already know, every actor on your network and IT environment possesses certain permissions. These permissions enable access to certain databases, applications, and IT architectural tools (the ability to post on the company blog, for instance).
Ideally, your enterprise should follow the Principle of Least Privilege. More of a guideline than an actual capability, the Principle of Least Privilege states that each account and user should only possess the privileges they absolutely need to perform their roles. That’s it.
However, while enterprises often begin by following the Principle of Least Privilege, they often fail to maintain it and follow through. Sometimes, the necessity of temporary projects leads to users acquiring more permissions than they need to fulfill them; frequently, enterprise IT security teams forget to revoke those temporary privileges after the fact.
Additionally, as employees take on new roles or move into lateral positions in the business, IT security teams can lose track of who has what privileges.
All of these are examples of privilege escalation. Yet without the right kinds of management tools and capabilities in place, users can raise their own privileges without alerting the security team. This means that if hackers infiltrate the network, they could do the damage inflicted on SolarWinds... and then some.
How to Lock Down Privilege Escalation
One of the first things your enterprise needs to do in 2021 is to ensure privilege escalation can only occur in controlled and monitored ways. Deploying privileged access management can certainly help secure your privileged users (although 2021 may be the year to consider who has privileges and why). However, deploying identity governance and administration (IGA) solutions can help prevent privilege escalation in 2021.
IGA solutions keep temporary privileges temporary by implementing automatic timers on all project-based assigned privileges; this helps IT security teams reduce their workloads and keep access controlled. Further, IGA solutions can lock permissions to certain roles through role management, reducing the possibility of malicious privilege escalation by external or internal actors.
Finally, with IGA you can revoke privileges from users, which helps manage their privileges if they somehow exceed their roles. Learn all you need to know in our IGA Buyer’s Guide.
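The three controls described above (timers on temporary grants, permissions locked to roles, and revocation) can be sketched as a periodic entitlement review. This is an added example, not code from any IGA product; the role names, permission strings, `Grant` record and sample data are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Constructed role baseline: the permissions each role may hold permanently.
ROLE_BASELINE = {
    "blog_editor": {"blog:post"},
    "dba": {"db:read", "db:write"},
}

@dataclass(frozen=True)
class Grant:
    user: str
    role: str
    permission: str
    expires: Optional[datetime] = None  # None means a standing (non-temporary) grant

def review(grants, now):
    """Split grants into (kept, revoked); revoked holds (grant, reason) pairs."""
    kept, revoked = [], []
    for g in grants:
        allowed = ROLE_BASELINE.get(g.role, set())
        if g.expires is not None and g.expires <= now:
            # Timer on project-based access has run out: revoke automatically.
            revoked.append((g, "temporary grant expired"))
        elif g.expires is None and g.permission not in allowed:
            # Standing access that the role does not justify.
            revoked.append((g, "standing permission outside role baseline"))
        else:
            kept.append(g)
    return kept, revoked

def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)

# Constructed sample entitlements for illustration.
NOW = utc(2021, 1, 15)
SAMPLE_GRANTS = [
    Grant("alice", "blog_editor", "blog:post"),
    Grant("alice", "blog_editor", "db:read", expires=utc(2021, 1, 1)),  # lapsed
    Grant("bob", "dba", "db:write"),
    Grant("bob", "dba", "blog:post", expires=utc(2021, 2, 1)),  # active project
    Grant("carol", "blog_editor", "db:write"),  # never tied to a timer or role
]

if __name__ == "__main__":
    for grant, reason in review(SAMPLE_GRANTS, NOW)[1]:
        print(f"REVOKE {grant.user} {grant.permission}: {reason}")
```

Running the review on a schedule and logging each revocation gives the security team the controlled, monitored path for privilege changes that the section calls for.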