Privileged credential abuse is one of the most common weapons for a malicious individual. The availability of these credentials enables disgruntled employees or cyber-criminals the ability to delete, corrupt, install and steal data or software on employees’ machines. According to a survey of 1000 IT decision-makers, 74% of those organisations that have experienced a data breach admitted that the attacker came from within and was able to gain access through privileged credential abuse.
In today’s digital world of increased cyber risk, business leaders should be aware that implementing the principle of least privilege to limit IT administrator and end-user permissions should be an essential part of their IT infrastructure in order to secure access to system controls. Unfortunately, many businesses overlook this simple but highly effective method and do not put the appropriate security measures in place to mitigate the risk of privileged credential abuse, as they are not aware of the risks posed.
The potential misuse and theft of company data is an increasing problem for many businesses. At CYFOR we have seen a rise in the number of investigations where evidence of suspected data theft has been hidden by employees. This misuse is due to full administrator rights being left on company devices. The best practice is to apply the principle of least privilege, assigning the permissions that are only necessary for end-users to do their required roles.
Should you require our expertise, our Corporate Forensic Investigations department is on hand to assist. With a leading reputation across the investigations industry in criminal, civil and internal corporate matters, our standalone Corporate Forensic Investigations proposition marries our unique breadth of advanced capability within Digital Forensics, Cyber Security and eDiscovery.
After submitting an enquiry, a member of our team will be in touch with you as soon as possible
Your information will only be used to contact you, and is lawfully in accordance with the General Data Protection Regulation (GDPR) act, 2018.