Why Removing Admin Rights Closes Critical Vulnerabilities in Your Organization
Quote:

Deescalating Admin Rights Is Not All About Diminishing Insider Threat. Managing Admin Privileges Leads to Better Security Against External Threats


First of all, let’s clear up any confusion the title might have brought on: this is not about removing admin rights forever, for everyone but yourself or anything like that. This is about making the removal of admin rights the default setting in your organizational network.

After making sure every employee but a few system administrators has a user profile instead of an admin one, the administrative rights should be managed on a case-by-case basis.

Since we recently launched our automated admin rights privilege management software, Thor AdminPrivilege™, I decided it would be the perfect time to dive in-depth into this topic.

Here is our best guide on how removing admin rights improves your security on all counts and how to be effective about it (regardless of whether you use our software or not).

What you can expect to find in the following guide:

* Why free admin rights are dangerous (for both internal and external threats)
* The vulnerabilities which get closed by removing admin rights
* How risks are minimized by closing admin rights
* Data and real-world examples
* Best practices for minimizing risks derived from admin privileges

Ready? Let’s go!

Managing Admin Rights for Neutralizing Insider Threat

You may already be familiar with the concept of neutralizing insider threat by managing admin rights.

First of all, as a disclaimer, you should know that removing admin rights for regular users inside your organization doesn’t completely eliminate risks associated with insider threat. You can’t control for everything a user might be doing which is dangerous just by deescalating their administrative rights on their endpoint.

There are still plenty of risky things which an employee can do, both intentionally and unintentionally, even without admin privileges. These include:

* Setting a weak password or a password they also use for other personal accounts;
* Sharing their password with others, who might be targeting the employee for malicious purposes;
* Clicking unsafe links from emails or the web;
* Giving protected information to malicious third parties, because of a scam (like CEO fraud) or intentionally;
* Snooping through the files on a colleague’s workstation when they leave it unattended (risky especially if the colleague has access to more sensitive data than they do);
* Inserting an infected USB stick or external hard drive into a workstation.

Still, removing admin rights by default is often a bare minimum for reducing insider threat considerably. While not a lot of people know that removing admin rights still doesn’t prevent all insider threat risks, almost everyone knows it’s a good thing to do, security-wise.

Here are just some of the risks derived from granting everyone admin privileges. As you’ll see, a user can do even more harm to your organization if they do have access to full administrative rights. Such things include:

* Installing malicious apps like spyware or malware meant to steal money, data or disrupt activities;
* Creating back-doors for third parties to install malicious apps or to hijack the systems;
* Accessing or exporting sensitive data which can then be further mishandled;
* Creating changes to lock legitimate users out of the systems;
* Publishing misleading or embarrassing content in order to cause a PR crisis etc.

Of course, this doesn’t mean that the user would willingly do all of these things, but it’s something which hackers could accomplish by tricking a user with admin privileges. The trick could be accomplished by almost anything – a spam email, a USB stick which the hackers replaced with one of their own and so on.

So why then do some organizations still allow default administrative rights to their users? Because they are still succumbing to some dangerous myths about admin privileges:

* Only employees who hate us could cause harm and we get along well with all employees;
* We have anti-virus and a firewall installed so we’re fine, there’s no harm they could do;
* If admins need to approve all requests they will lose a ton of time.

I have to admit that there may be a grain of truth in some of the myths above, but not in the way people who buy into these myths may think. For example, it does indeed help to have an anti-virus solution and firewall installed, but it’s not enough.

Also, it is true that admins lose a bit of time approving admin rights requests but that’s nothing compared to the risk they help avoid and, more importantly, the time waste can be completely avoided by using an admin rights management software (like our Thor AdminPrivilege™).