LATEST INTELLIGENCE
38% of organisations grant admin rights
to their workforce by default, despite 79%
saying it is a major security risk.
The Cyber Essentials Scheme, a UK
government standard designed to help
businesses with cybersecurity, warns of the
powers of privileged admin accounts. Its
guidance on IT infrastructure notes that
‘when such accounts are compromised,
their greater freedoms can be exploited
to facilitate large-scale corruption of
information, disruption to business
processes and unauthorised access to
other devices in the organisation’.
For example, when a user with an
administrator account clicks on a phishing
link, the associated malware can act with
the broad access and capabilities inherent
to that account. This is how simple
mistakes morph into dire consequences.
Moreover, holders of privileged
accounts (such as system
administrators) often share account
access with other users. In practice,
this means people with bad intentions
or bad security habits are granted
access to powerful accounts, with
limited oversight.
Even if privileged access isn’t readily
handed out, poor security practices
are rampant. For instance, the 2017
BeyondTrust survey showed that users
regularly committed the security
sins of reusing passwords, sharing
passwords and using default and easily
guessable passwords.
Download whitepapers free from www.intelligentcio.com/me/whitepapers/