Running Head: DATA SECURITY
Risk of Overly Privileged Users
Privileged users are people who have been given a particular set of exclusive rights to access and use computer systems (Moses & Rowe, 2015). They can be described as the key holders of critical computer systems. They can easily access the organization’s data, workflows, resources and security controls. However, these exclusive rights and privileges can have many negative impacts on the company, since privileged users can easily change some of the features and configurations of the company’s cloud environments, including the organization’s Salesforce elements. This can put the company's data at very high risk, and privileged workers may also be in a position to cover up the history and track of their actions, making it hard to identify the sources of security issues and threats.
Privileged users manage various accounts in a company. Domain administrator accounts are among the accounts they access. These accounts have access to all of the company's servers within their domains, which makes it easy to make changes to administrative accounts. They form the most critical level of control over the company’s systems. Other accounts include local administrator accounts, application administrator accounts, business privileged user accounts, service accounts and emergency accounts (Hassandoust & Techatassanasoontorn, 2020).
There are many reasons why privileged users can pose a very high security threat to the company. The first is that managing privileged users can be very difficult. Most privileged users have a high degree of access to the organization's resources, and they therefore know a great deal about the company's structure. Most of these users are employees in leadership or management positions. Some have worked for the company for a very long period, and it is easy to trust them. Most companies are not suspicious of their activities, so it is easy for these users to be allowed free access, to make changes and also to interfere with the company's systems. Sometimes it becomes difficult to monitor and supervise the activities of these users. Another factor that makes privileged users hard to manage is that whenever they compromise the company’s network or systems and create new accounts, it becomes very hard to determine whether the access to the system was legitimate or not. The company may wonder whether the changes were part of a normal engineering process or were made with malice. It can only know the intention behind the changes when it closely tracks every aspect of the users' activities in the organization's systems.
Another reason privileged users carry a high security risk is that they are regarded as insider threats (Mullen, 2011). The security landscape is changing drastically over time, with the focus moving from external attackers to internal, or insider, ones. Insider threats not only open the way for external attacks but also give room to malicious internal users of the systems. These users can easily access some of the most sensitive cloud applications, such as Salesforce and Office 365.
Research conducted in 2020 showed that about 70% of companies feel that they are highly vulnerable to insider threats. About 50% of companies say that it is complicated to detect insider attacks because of the migration to the cloud environment. Some of the most common insider threats include privileged IT users, who represent about 64%, contractors (49%), regular workers (50%) and privileged business users, who represent 49% of the threats. In addition, departing workers can be a source of insider threats: they can take the company’s data to its rivals, thus risking the company's business secrets.
The evolution of privileged users’ permissions is another factor that makes them a threat to the security of the company’s systems. Many privileged users have duties that keep changing over time, which allows them to access a wide range of the organization’s data in different departments. As the roles of these users change, their permissions for accessing the systems change as well. Sometimes companies grant many permissions to access the systems without proper monitoring and approval. This can make it easy for privileged users to access other systems without being monitored closely, thus risking the systems' security.
In most cases, privileged users are the ones targeted by cybercriminals (Pešić & Veinović, 2016). The accounts of privileged users hold much of the company's sensitive and essential data. Cybercriminals who aim to reach the company's sensitive and critical systems therefore find it more useful to go after the accounts of privileged users. Once they have compromised these accounts, it becomes easier to access the company's data without raising the alarm. If the privileged users do not notice the attacks, this can go on for a very long period and put the company's systems at high risk.
This is becoming very risky for most companies that do not have highly qualified privileged users and whose users can hardly detect cyber threats. Besides, some cyber threats are very sophisticated and can hardly be detected except with very strict or advanced skills in cybersecurity. When the cybersecurity of a company is breached, the company can quickly lose a lot of money and other resources, thus ruining its growth.
Compliance considerations are another factor that creates a security threat from privileged users in a company. There are many compliance requirements and regulations that must be complied with, such as HIPAA, CCPA and PCI (Haber & Hibbert, 2017). These regulations require companies to identify only the specific users who should access certain data. Privileged workers can take advantage of this and start making malicious changes to the systems, which can be a significant security threat to the company's systems.
References
Haber, M. J., & Hibbert, B. (2017). Insider threats. Privileged Attack Vectors, 69-73. doi:10.1007/978-1-4842-3048-0_6
Hassandoust, F., & Techatassanasoontorn, A. A. (2020). Understanding users' information security awareness and intentions. Cyber Influence and Cognitive Threats, 129-143. doi:10.1016/b978-0-12-819204-7.00007-5
Moses, S., & Rowe, D. C. (2015). The SNAP principle for mitigating privileged account breaches: How secondary non-admin privileged accounts can reduce breach impact. 2015 World Congress on Internet Security (WorldCIS). doi:10.1109/worldcis.2015.7359408
Mullen, T. (2011). The creation and maintenance of low-privileged service users (with a focus on SQL). Thor's Microsoft Security Bible, 155-189. doi:10.1016/b978-1-59749-572-1.00012-3
Pešić, D., & Veinović, M. (2016). Privileged identities - Threat to network and data security. Proceedings of the International Scientific Conference - Sinteza 2016. doi:10.15308/sinteza-2016-154-160