This week, I’d like to focus on identity management and privileged access controls, an often-overlooked aspect of cybersecurity.
To understand what impact this can have, let’s look at how hackers operate. Often, an attacker will phish a single employee’s credentials or establish new credentials once they infiltrate a network. ZDNet reported that approximately 269 billion emails are sent daily worldwide, and approximately 2,000 of those are emails intended to phish personal information.
Once they’re in, they maneuver to escalate privileges, essentially giving the account they’ve compromised the ability to act as an administrator within your network. The Zero-Day attack by Chinese hackers is a perfect example of how quickly one infiltration can spread. A single breach can allow skilled hackers to get total remote control over many systems.
The good news is that identity management solutions and privileged access management are two ways to combat these types of risks.
Identity Management and Privileged Access
Identity management is the practice of giving only the right people access to the right systems, applications, and databases needed to perform their jobs. There are a number of things that go into this, but here are three key items to keep in mind:
1. Multi-Factor Authentication
You need to have a mechanism to confirm your employees are who they say they are. One of the best tools to employ is some form of multi-factor authentication.
2. Roles and Access
Who needs to have access to what system, application, or database? You need to define the roles within your organization and ensure that only authorized individuals have that access.
For example, a sales associate, accounting intern, or front desk receptionist should not have access to networks as if they were inside the IT department.
However, it’s also well understood that certain groups within a company need access to everything. Think of your IT department or certain engineering functions within a technology company. It’s OK that certain groups maintain full privileges within the network, but the key element to remember is to be thoughtful about who maintains access and err on the side of being restrictive. It’s one of the best ways to mitigate damage if a hacker finds their way into your network.
3. Profile Management
Actively manage the lists and profiles of employees to ensure the integrity of access controls. Employees may switch departments internally or leave the company altogether, and when that happens, there should be a process in place to prevent ongoing access when it’s no longer needed.
Case in point: A former employee at Allen & Hoshall left to set up his own business but continued to access files and email for two years, helping himself to approximately $425,000 worth of documents and designs. He was caught when a client recognized the pitch he presented as eerily similar to the Allen & Hoshall bid, and he was sentenced to 18 months in jail.
When it comes to these types of protocols and your cyber insurance, remember that underwriters look for certain policies and protocols. Identity management and privileged access controls are an increasingly important component of the cyber insurance underwriting process.
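The three items above can be checked together in a periodic access review. The following is an added example, not part of the original article: it reconciles an HR roster against an account export and flags enabled accounts with no active employee, access beyond the role's baseline, and privileged access without multi-factor authentication. All role names, entitlements, and records are constructed for illustration.

```python
# Added example: access review over constructed, hypothetical sample data.
# Entitlements each role may hold (the restrictive baseline).
ROLE_BASELINE = {
    "sales": {"crm"},
    "accounting": {"ledger"},
    "it-admin": {"crm", "ledger", "domain-admin"},
}
PRIVILEGED = {"domain-admin"}

# HR roster: employee id -> (role, employment status).
HR_ROSTER = {
    "e100": ("sales", "active"),
    "e101": ("accounting", "active"),
    "e102": ("it-admin", "active"),
    "e103": ("sales", "terminated"),
}

# Directory account export (constructed).
ACCOUNTS = [
    {"user": "e099", "enabled": False, "mfa": False, "entitlements": {"crm"}},
    {"user": "e100", "enabled": True, "mfa": True, "entitlements": {"crm"}},
    {"user": "e101", "enabled": True, "mfa": True, "entitlements": {"ledger", "domain-admin"}},
    {"user": "e102", "enabled": True, "mfa": False, "entitlements": {"domain-admin"}},
    {"user": "e103", "enabled": True, "mfa": True, "entitlements": {"crm"}},
    {"user": "svc-old", "enabled": True, "mfa": False, "entitlements": {"ledger"}},
]

def review(accounts, roster, baseline, privileged):
    """Return (user, finding, detail) tuples for accounts that need action."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled, cannot be used to log in
        user = acct["user"]
        role, status = roster.get(user, (None, None))
        if status != "active":
            # Leaver or unknown owner: the profile-management failure case.
            findings.append((user, "orphaned", "no active employee record"))
            continue
        excess = acct["entitlements"] - baseline.get(role, set())
        if excess:
            findings.append((user, "excess-access", ",".join(sorted(excess))))
        exposed = acct["entitlements"] & privileged
        if exposed and not acct["mfa"]:
            findings.append((user, "privileged-no-mfa", ",".join(sorted(exposed))))
    return findings

if __name__ == "__main__":
    for finding in review(ACCOUNTS, HR_ROSTER, ROLE_BASELINE, PRIVILEGED):
        print(*finding, sep="\t")
```

Orphaned accounts are reported first and skipped for the other checks, since the remediation is to disable them rather than to adjust their access.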
In fact, we see underwriters asking more questions about these types of solutions, trying to ensure that a company has good guardrails around employee access to systems, applications, and data.