Why privileged access management should be critical to your security strategy

Nowadays, having a solution that manages privileged access is essential to prevent increasingly advanced hacker attacks. However, to ensure secure protection without gaps, you must include privilege elimination in your cyber strategy. 

In this article, we’ll talk about privileged access management (PAM), explain the importance of adopting privilege elimination in your security strategy and discuss the relationship between privileges and zero trust.

Privileged Access Management (PAM)

PAM seeks to monitor the privileges of each user on the network, thus ensuring the security of a company’s information. That’s because stolen privileged credentials are used in virtually every attack today.

According to Fernando Fontao, channel account manager at BeyondTrust, PAM tools have typically been used to solve a specific problem: How to store privileged identities and manage their use. 

But with the rise of ransomware and the fact that hackers are increasingly efficient in their attacks, taking away the privilege is the best solution to stop them. Yet, many companies implement PAM without covering all vectors. 

Many organizations believe that protecting privileged identities means keeping administrator credentials in a password vault. But the truth is that there must be a whole strategy that covers what constitutes a privileged activity.

Why use delete privileges?

According to Verizon’s Data Breach Investigations Report 2022, more than 80% of breaches involve privilege abuse.

Hackers take advantage of privileged credentials stored in local repositories, connected devices and more. Therefore, eliminating privilege should be part of every business’s defense strategy. What does this mean? It’s simple; it’s all in changing how permissions are implemented. 

This change will not make life difficult for the user nor prevent them from performing their tasks. However, a policy is used — instead of a privilege that a hacker can steal. With a policy, you give the user the same permissions, just through a different, non-theft mechanism.

Because, to execute a cyber-attack, a hacker needs to go through some phases. The first is to infiltrate the company’s system. After that, they seek to escalate privileges; that is, make a lateral exploration movement until discovering new privileges that provide greater access. And, finally, when they execute the attack. 

So, removing privilege through PAM prevents hacker from advancing from one phase to the next. No matter where they entered, the attack dies if they can’t get through.

And, adopting privilege elimination will protect against different attacks. For example, the Lapsus$ Group performs attacks without using technology. They do not exploit loopholes in systems, vulnerabilities or code, but focus on gaining access to a legitimate credential through social engineering. 

This type of attack is challenging to block using technology. Therefore, the best way to prevent attacks like this is to eliminate privilege.

Relationship between privileges and zero trust

With the dissolution of the security perimeter, zero trust is emerging. This practice move protections away from static, network-based perimeters to focus on users, assets and resources. Thus, the new security perimeter is identity.

Zero trust requires that any access to anything be authenticated. It doesn’t matter so much where you’re coming from and where you’re going. The location and destination no longer matter — just the user and what they want to access. If a credential has a privilege, any person or system controlling it can misuse it. 

To fight back against today’s increasingly sophisticated hackers requires a comprehensive and well-defined security strategy that, most of all, involves de-privilege. 

Usama Amin is a founder of cybersnowden.com