Snowden affair highlights the dangers of unlimited admin rights, Avecto survey finds

Many firms have yet to act

The historic Edward Snowden NSA breach has brought home the importance of controlling admin rights but many security teams have yet to act on the lesson, a snapshot survey by privilege management firm Avecto has found.

Asking 340 attendees of McAfee's FOCUS 13 conference for their views, the UK firm found that the intelligence agency's darkest hour caused half to re-evaluate their systems for managing admin rights even if three quarters admitted that their policies had not changed as a result.

Although a third believed rogue admins posed a major security risk, this was still less than the 40 percent who cited malware as the primary worry.

Those organisations that had reduced admin privileges had done so to counter malware in 33 percent of cases; 14 percent were worried about external auditing, 11 percent about internal compliance and 11 percent about the insider threat.

Admin privileges are a complex issue that affects security on a number of levels, including both insider threats and malware. But only 20 percent of organisations believed they even knew how many server admins they had, an extraordinary admission.

"Media attention around the NSA's high-profile breach has created a significant turning point in how organizations think about security, with the IT function now increasingly aware of how attacks can stem from users and system admins with excess privileges," said Avecto CEO, Mark Austin.

"But awareness alone is not enough for network protection," he said. Businesses could minimise the possible damage from a rogue admin by ditching excessive rights, he said.

A better approach was to move to a system based not on absolute admin privileges but on privilege elevation as and when it was required. In this model admins became standard users like any other who were given elevated privileges to specific resources in a time-limited way.

Avecto markets its Privilege Guard software (including a version for McAfee's ePO console) to perform this task, so you'd expect the firm to argue in favour of the technology. But the notion that privilege management and least privilege should be seen as a mainstream technology has some independent support, with Verizon noting earlier this year that many breaches it had been consulted on could have been avoided using relatively simple controls.
