Excessive access to unstructured data is pervasive in enterprise file environments around the world. In a recent report, 62% of the business users surveyed reported having access to content they should not be able to view. In light of recent breaches, malware attacks, and insider theft, many organizations now recognize that Access Governance is critical to protecting their businesses. Here are a few of the top reasons companies are getting serious about implementing a least-privileged approach.
Ransomware: Ransomware attacks have been one of the hottest issues in cyber security for the last several years. We’ve all seen this IT nightmare: an unsuspecting user clicks on a malicious email attachment and before you know it, the malware has destroyed the files in every share path it can enumerate. Keeping frequent back-ups and up-to-date malware protection are good practices, but not enough. You can mitigate your risk substantially by enforcing a least-privileged model. Start by remediating open access and revoking unneeded modify rights. Next time a crypto attack hits you, you’ll be glad you kept it contained.
External attackers: When an attacker gains access to an account, his first move is often to search for content to use against you. Sometimes an attacker is looking for company-specific information to enhance the perceived credibility of a spear phishing attack. Other attackers have their eyes set on your intellectual property, customer list, or PII. In either case, proper access controls drastically reduce your attack surface. For example, an attacker who’s gained access to an engineer’s account should not be able to retrieve your payroll information or CEO’s calendar.
Insider threats: Insiders cause 60% of security incidents. This too is mitigated by restricting access. When your disgruntled receptionist turns in her notice, you’ll rest easy knowing she can’t access your customer lists, PII, or product designs.
Are you ready to implement proper access controls?
Don’t miss a post! Subscribe to The Insider Threat Security Blog here:
Adam Rosen serves as Vice President of Data Access Governance at STEALTHbits. An expert on managing and securing unstructured data, Adam has helped organizations of all sizes implement controls and policies to meet security, compliance, and efficiency objectives. In his current capacity at STEALTHbits, he manages the industry-leading StealthAUDIT suite that enterprises around the world depend on to defend their most critical information.