SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Hybrid working and admin rights: the new cybersecurity risks
Thu, 23rd Feb 2023

Three years after the pandemic sent the world spinning into hybrid working overnight, the security concerns and risks associated with this new way of working are still top of the agenda for businesses.

Widespread – and often unnecessary – access to sensitive information is one of the main culprits. In fact, more than 1,500 IT and security decision-makers say over half of their employees have access to sensitive corporate data.

Hybrid workers have become a compelling target for threat actors. Compromising an endpoint remains one of the most common ways for threat actors to break through an organisation’s security system and access sensitive data and assets.

Extending security access beyond the office and across an increasing number of digital identities has increased the exposure of sensitive information. Providing privileged access through local admin rights is the cherry on top.

From changing boot and hardware configurations to installing cryptominer malware and accessing critical operational technology systems, local admin rights also give users full power over their endpoints – power that can be misused or abused to inflict severe damage.

While it is common to see organisations struggle to keep their security policies up to date while keeping up with new working habits, digital transformation can no longer excuse outdated security practices and not adapting to evolving threats.

As cyber techniques evolve and threat actors become more sophisticated in targeting remote and hybrid workers, organisations must prioritise the most effective steps to protect themselves. Staying ahead of well-funded, innovative attackers means implementing Zero Trust principles combined with a least-privilege approach to what human and machine identities can access.

How to reduce the risk of attackers moving laterally

Identities of all types are gaining access to sensitive data, infrastructure and systems that today’s attackers can easily exploit.

As organisations’ digital and cloud initiatives grow in scope and scale, managing a surging number of digital identities can be challenging.

Organisations must therefore ensure users access only the information necessary to perform their job functions in the first place – and only when they need it – authenticating them every time. Granting, adjusting and revoking authorisations to comply with audits is essential. That way, high-value data and assets are better secured wherever they reside.

Implementing a Zero Trust approach – assuming that any human or machine identity with access to your applications and systems may have been compromised – means teams can focus on identifying, isolating and stopping threats from compromising identities and gaining privilege from the outset.

Why no user should have local admin rights

The idea of removing local administrator rights from every single user across an organisation can be daunting. While most security professionals recognise the need to remove privileged access from ‘regular’ business users’ endpoints, others, such as database administrators and infrastructure maintenance teams, believe they need that level of access to perform their job. From their perspective, not giving them elevated access would mean added pressure for their security team, who would have to manually grant extra privileges on an as-needed basis.

All this is true, but it doesn’t mean privileged users must be local admins. With full admin rights, even the most well-meaning, conscientious workforce user has too much control over an organisation’s digital environment, putting critical data and systems - even existing security stacks - in jeopardy.

All these challenges can be solved by well-rounded endpoint privilege management capabilities. Effective endpoint privilege management is more than removing local admin rights – it removes local admin rights and then, based on policies, elevates certain programs or tasks transparently, so a user never sees a prompt or needs to ask IT for assistance. In exceptional cases, users can request elevation, which can be approved without anyone remoting into the machine. On the backend, an effective endpoint privilege management capability would even integrate with an IT ticketing system for smooth workflows and fast elevations.
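To make the policy-based elevation described above concrete, here is an added example (not code from the article or from any endpoint privilege management product) that models the decision an EPM agent has to make for each elevation request: explicit denies first, then the strongest identifier (a content hash), then the signing publisher, then a signed binary under a system directory, and an approval request for anything that matches no rule. The `Policy`, `ElevationRequest` and `decide` names, the publisher string, the Windows paths and the binary contents that are hashed are all constructed for the example.

```python
"""Policy-driven elevation decisions, modelling the endpoint privilege
management behaviour described in the text: local admin rights removed,
named programs elevated transparently by policy, everything else routed to
an approval request. Added example, not any vendor's code; every policy
value, path and hash below is constructed."""
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Decision(Enum):
    DENY = "deny"
    ELEVATE = "elevate"                     # transparent: user sees no prompt
    REQUEST_APPROVAL = "request_approval"   # exceptional case: needs an approver


@dataclass(frozen=True)
class ElevationRequest:
    user: str
    path: str
    sha256: str
    publisher: Optional[str]   # code-signing publisher, None if unsigned
    user_is_local_admin: bool  # whether the account still holds local admin


@dataclass(frozen=True)
class Policy:
    blocked_hashes: frozenset
    allowed_hashes: frozenset
    trusted_publishers: frozenset
    # Path rules are the weakest identifier (a path can be reused by any
    # file), so they are only honoured for signed binaries under directories
    # that standard users cannot write to. Prefixes are stored lower-cased.
    system_path_prefixes: tuple = ()


def hash_bytes(data: bytes) -> str:
    """SHA-256 of a binary's contents: the identifier policy should key on."""
    return hashlib.sha256(data).hexdigest()


def decide(req: ElevationRequest, policy: Policy):
    """Evaluate one request and return (Decision, reason).

    Order matters: deny rules win, then the hash allow list, then the trusted
    publisher list, then signed-binary-in-system-path. A request matching no
    rule is not silently denied but routed to an approver, which is the
    'exceptional case' workflow the text describes."""
    if req.user_is_local_admin:
        # EPM presumes admin rights were removed first; a request from an
        # account that still has them flags a gap in that rollout.
        return Decision.DENY, "account still holds local admin rights"
    if req.sha256 in policy.blocked_hashes:
        return Decision.DENY, "hash is on the block list"
    if req.sha256 in policy.allowed_hashes:
        return Decision.ELEVATE, "hash is on the allow list"
    if req.publisher and req.publisher in policy.trusted_publishers:
        return Decision.ELEVATE, f"signed by trusted publisher {req.publisher}"
    if req.publisher and req.path.lower().startswith(policy.system_path_prefixes):
        return Decision.ELEVATE, "signed binary in a system directory"
    return Decision.REQUEST_APPROVAL, "no matching rule"


def evaluate_all(requests, policy):
    """Run decide() over a batch and return audit records. Transparent
    elevations are logged too; silent does not mean unrecorded."""
    records = []
    for req in requests:
        decision, reason = decide(req, policy)
        records.append({"user": req.user, "path": req.path,
                        "sha256": req.sha256[:12], "decision": decision.value,
                        "reason": reason})
    return records


# Constructed sample data: fake binary contents stand in for real files.
DBTOOL = b"fake-dba-tool-bytes"
INSTALLER = b"fake-installer-bytes"
UNSIGNED = b"fake-unsigned-download"
MINER = b"fake-known-bad-cryptominer"
CORP_PUBLISHER = "CN=Example Corp IT, O=Example Corp"  # constructed

POLICY = Policy(
    blocked_hashes=frozenset({hash_bytes(MINER)}),
    allowed_hashes=frozenset({hash_bytes(DBTOOL)}),
    trusted_publishers=frozenset({CORP_PUBLISHER}),
    system_path_prefixes=("c:\\program files\\", "c:\\windows\\system32\\"),
)

SAMPLE_REQUESTS = [
    # DBA tool allow-listed by hash: elevates with no prompt
    ElevationRequest("dba01", "C:\\Tools\\dbtool.exe", hash_bytes(DBTOOL), None, False),
    # Corp-signed installer in a user directory: publisher rule applies
    ElevationRequest("alice", "C:\\Users\\alice\\Downloads\\setup.exe",
                     hash_bytes(INSTALLER), CORP_PUBLISHER, False),
    # Unsigned download with no rule: goes to the approval workflow
    ElevationRequest("bob", "C:\\Users\\bob\\Downloads\\tool.exe", hash_bytes(UNSIGNED), None, False),
    # Block-listed hash: denied regardless of who asks
    ElevationRequest("carol", "C:\\Users\\carol\\miner.exe", hash_bytes(MINER), None, False),
    # Account that still has local admin: denied and flagged
    ElevationRequest("legacy-admin", "C:\\Tools\\dbtool.exe", hash_bytes(DBTOOL), None, True),
]

if __name__ == "__main__":
    for record in evaluate_all(SAMPLE_REQUESTS, POLICY):
        print(record)
```

The point of the rule order is that the identifier strength decreases from hash to publisher to path: a hash pins one exact binary, a publisher rule covers every binary that signer ever ships, and a path rule on a user-writable directory would let any file dropped there elevate, which is why the path rule here is gated on both a signature and a system directory prefix.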

It is essential, then, for organisations to apply Zero Trust principles while enforcing the least privilege to strengthen endpoint security without complicating IT operations or impairing the user experience. It will make an attacker’s job so much harder and will get them looking elsewhere.