As of May 2023, 39% percent of workers in the UK work from home at some point during their week. Whilst understandable, the hybrid-working environment continues to pose more risks to organisations and their data.
As more devices are accessed beyond the confines of the corporate network, businesses must account for the inherent risks presented by insecure or non-existent endpoint control. As users of these devices have more administrative control, and without the constant presence of IT services, the door is left open for increased phishing, ransomware and malware attacks. A daunting 88% of data breaches are now caused by employee error. Just earlier this month, the genealogy company 23andMe confirmed that its data had been compromised in an attack from hackers who claimed to have accessed millions of data points from accounts by taking advantage of users login credentials.
The problem with this is that the users are not the root of the issue. The concern comes not only from employees, but from the number of endpoints being accessed from multiple locations, and the lack of control over the access and privileges that these devices have.
A frightening statistic revealed in a study from Forbes, showed that 23% of UK and US small businesses used no form of endpoint security, and that a further 57% simply believe they won’t be targeted by cyber-attacks. The reason this is so concerning is that cybersecurity companies have reported a 20% increase in victims of such attacks just in the last year. These attacks not only put company and customer data at risk but can also result in a strain on IT services and leave users without the systems and tools essential for productivity.
Preventing unlimited access
One of the ways that attacks break through endpoints and escape into an organisation's network is by exploiting local admin rights on end-users' workstations. Those local admin rights are handy for the user. For example, they can install a new printer driver or update an application plug-in without calling the IT help desk. But they can also be abused to install malware or configure the computer to make an attack easier.
It could be easy to remove those local admin rights or the shadow user account on the workstations with those elevated permissions. But that will frustrate end-users and increase the load on the help desk.
The key issue here, is the concept of privilege. Users often need the privilege to elevate their devices by running an administrator account in order to gain access to, and update applications. Unfortunately, this greatly increases risk as these elevated administrator accounts are much more attractive to hackers for this exact reason - their access to more lucrative data.
It has been reported that 70% of all data breaches are targeted at privileged accounts, which is especially alarming when taking into account the fact that 90% of IT security professionals have said that their organisations’ users have more privilege than is necessary.
The issue for many companies arises in finding the balance between the users’ access to local admin rights and their productivity. More open access to the admin rights makes things easier and convenient for the users but opens the door to security risks with more endpoints to target.
A study by the Ponemon Institute showed that 73% of organisations believed that threats to their endpoints had significantly increased, and that a staggering 80% of organisations that had been compromised by cyber-attacks did not know what type of attack they had been subjected to. The need for a more effective and efficient security measure is clear.
Endpoint privilege management (EPM) oversees and governs the privilege of network devices. It completely removes the need for users to have administrator accounts on the devices they use, whilst still enabling them to have elevated access to certain applications. EPM only elevates approved applications and provides the users with a clear audit list of those which have been approved.
Privilege to protect
Whilst not a universal fix, the implementation of EPM, for example, can help alleviate the risks and reinforce a culture of security within organisations.
It is understandable to be cautious when faced with words and phrases such as “approved applications” or “removing administrator rights”, but EPM is not about limiting your users’ experience or productivity. EPM does not forbid or remove access to applications. The IT team can grant approved users’ permission to run specific applications with elevated permissions for a limited period, to carry out specific actions.
Users can then access what they need to, while IT retains visibility over all actions in case activity needs to be stopped, or incidents need to be investigated at a later date. If permissions need to be granted on an individual basis, for each user and application, IT will be buried under an avalanche of requests – so EPM tools will allow rules and policies to be created and then applied at scale.
Users can do the work they need with few calls to the Help Desk. IT gets fewer interruptions and can focus on more valuable work. Auditors can see who had access to which applications and logs show the actual users, not an arbitrary administrator account.
Endpoint privilege management is vital to any organisation's cybersecurity strategy, not only to manage and control access to sensitive data and resources but minimise the chance of a data breach. EPM also plays a crucial role in ensuring compliance with industry standards and regulations to avoid the legal liabilities that may ensue should a breach occur.