Companies in Singapore are increasingly adopting a zero trust approach to their security framework but concerns remain about the excessive privileges enjoyed by employees when accessing corporate IT resources.
This point was brought out in a recent survey on zero trust undertaken by BeyondTrust.
The survey of IT leaders in Singapore showed that while the vast majority of organisations indicated that they believed that they had the fundamentals of zero trust associated with authentication and privilege well under control in their plans, 54 percent of the respondents felt that many users have excessive privileges - creating what is known as privilege gap - than what is required by them for their jobs.
The privilege gap refers to excessive access to the various systems, resources and applications that users have beyond what is required for them to perform their duties.
It may include administrator rights to systems or the ability to run tools such as Powershell, something that is often leveraged by malware.
Excessive privileges go against a core tenet of zero trust architecture.
Here’s why: the simplest way to describe zero trust is that nothing in a network environment should be trusted until it is validated against a list of known values. The validation is not a one-off either. It is ongoing.
In other words, users, systems, and processes are all validated prior to any action being authorised, whether that is a login into the network, an automated process or a privileged activity or authorisation.
Zero trust emphasises constant visibility into who is doing what on the company network. This ensures maximum control over systems security and access.
Zero trust’s “never trust, always verify” philosophy addresses many of the challenges facing organisations today where employees, third parties, and resources sit outside the traditional network perimeter and yet access the systems and processes.
Within zero trust is the principle of least privilege - a policy that requires all identities logging into the network, to have minimum entitlements to perform their responsibilities.
This approach to zero trust can have benefits in limiting the damage from a security breach, for example, a login credential theft, by not allowing an attacker to ultimately get into a position to steal data or cause harm to the network.
How breaches occur
A study done by Forrester Research has shown that privileged credentials were responsible for around 80 percent of data breaches. In these cases, improperly managed privileges allow attackers to infiltrate and move laterally across the company network.
When standard users have excessive privileges, attackers don’t need to find a system admin. They simply use the privileges of the standard user account to allow them to access more sensitive data or take control of a system.
While traditional approaches to access management attempt to protect identities that have permanent privileges, modern attack methodologies employed by hackers such as social engineering, phishing and keyloggers, just to name a few, allow attackers to easily gain control of these identities and gain access.
In view of the finding of the survey that more than 50 percent of the organisations believing their employees have excessive privilege access, more work needs to be done on the zero trust journey for Singaporean organisations.
This is especially relevant for the 88 percent of Singaporean IT leaders who say that zero trust is important to their organisation's cybersecurity strategy, and the 97 percent of public sector leaders.
How privilege escalation attack works
Privilege escalation attacks start with threat actors gaining a foothold within the network. An attacker could also gain access by leveraging missing security patches, social engineering, or other methods.
Once the initial infiltration has been successful, threat actors will typically perform surveillance and wait for the right opportunity to continue their mission.
Privilege escalation attacks are usually of two types.
One is what is called horizontal privilege escalation and the other is vertical privilege escalation.
Horizontal privilege escalation involves gaining access to the rights of another account - human or machine - with similar privileges.
This action is referred to as “account takeover” and typically would involve lower-level accounts which may lack proper protection.
With each new horizontal account compromised, an attacker broadens their sphere of access with similar privileges.
Vertical privilege escalation, also known as a privilege elevation attack, involves an increase of privileges/privileged access beyond what a user, application, or other assets already have.
This entails moving from a low level of privileged access to a higher amount of privileged access.
Achieving vertical privilege escalation could require the attacker to perform a number of intermediary steps to bypass or override privilege controls, exploit flaws in software, firmware, and the kernel, or obtain privileged credentials for other applications or the operating system itself.
In 2022 elevation of privilege was the No1 vulnerability category of all Microsoft vulnerabilities, according to the Microsoft Vulnerabilities Report 2022.
Growing cybersecurity concerns revolving around privilege escalation correlate directly with an organisation’s expanding digital universe and the dispersed nature of the modern workforce.
While most organisations are well acquainted with the cybersecurity risk that comes along with the information technology’s benefits, the modern threat landscape has become increasingly difficult for IT and security teams to manage as they try to connect the dots between privileged accounts, vulnerabilities, exploits, and successful data and system breaches.
This barrier is a big reason why compromised privileged credentials are such a dominant source of successful attacks, and why 88 percent of the IT leaders in Singapore believe that zero trust access is vital in their organisation’s cybersecurity strategy.