CYFOR Blog


Data Breaches and Privileged Credential Abuse

Privileged Credential Abuse

Allowing full administration rights on company devices creates the risk of network abuse, employee misconduct and data theft.

Privileged credential abuse is one of the most common weapons for a malicious individual. The availability of these credentials gives disgruntled employees or cyber-criminals the ability to delete, corrupt, install and steal data or software on employees’ machines. According to a survey of 1000 IT decision-makers, 74% of those organisations that have experienced a data breach admitted that the attacker came from within and was able to gain access through privileged credential abuse.

In today’s digital world of increased cyber risk, business leaders should be aware that implementing the principle of least privilege to limit IT administrator and end-user permissions should be an essential part of their IT infrastructure in order to secure access to system controls. Unfortunately, many businesses overlook this simple but highly effective method and do not put the appropriate security measures in place to mitigate the risk of privileged credential abuse, as they are not aware of the risks posed.

Common credential abuse methods

  • Full administrator rights allow users to own any file on the network and amend the way systems operate. This means they can freely change ownership of relevant documents or folders and restrict access to, copy, transfer or delete data.
  • With full privileges, a user can wipe the entirety of data from their company device to hide any fraudulent activity.
  • The ability to create new accounts and set privilege levels with a local admin account poses a serious risk to security, with the potential to give lasting access to malicious users, whether internal or external.
  • The freedom to install or remove applications and software, or to delete emails and files, can allow an employee to cover their tracks if they have malicious intent such as data theft.
  • An administrator account can be used to access data of a sensitive nature in other user profiles, which could potentially lead to data breaches, theft, and privacy concerns.
  • Unauthorised software may be installed with no auditing, leading to the execution of malicious programmes or malware that could infect an entire network.
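
As an added example (not CYFOR's own code), the following detection sketch flags three of the patterns listed above: a newly created account promoted to local administrator, an administrator grant to an account outside an approved list, and a cleared audit log. It assumes Windows devices whose Security events have been exported into simple records; 4720, 4732 and 1102 are real Windows Security event IDs, while the record field names, hosts, account names and allowlist are constructed for illustration.

```python
from datetime import datetime, timedelta

# Real Windows Security event IDs; the record layout used below is an assumption.
ACCOUNT_CREATED, ADDED_TO_LOCAL_GROUP, AUDIT_LOG_CLEARED = 4720, 4732, 1102

def find_privilege_abuse(events, approved_admins, window=timedelta(hours=24)):
    """Return (host, rule, account) findings for admin-rights misuse patterns."""
    created = {}   # (host, account) -> time the account was created
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["host"], ev.get("target"))
        if ev["event_id"] == ACCOUNT_CREATED:
            created[key] = ev["time"]
        elif ev["event_id"] == ADDED_TO_LOCAL_GROUP and ev.get("group") == "Administrators":
            if ev["target"] in approved_admins:
                continue  # expected grant to a known administrator
            born = created.get(key)
            # An account created and promoted within the window is the stronger signal.
            rule = ("new-account-promoted-to-admin"
                    if born is not None and ev["time"] - born <= window
                    else "unapproved-admin-grant")
            findings.append((ev["host"], rule, ev["target"]))
        elif ev["event_id"] == AUDIT_LOG_CLEARED:
            findings.append((ev["host"], "audit-log-cleared", ev["actor"]))
    return findings

def _t(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample events (not real log data)
SAMPLE_EVENTS = [
    {"time": _t("2024-03-04 09:02"), "event_id": 4720, "host": "LAPTOP-17",
     "actor": "j.smith", "target": "svc_backup2"},
    {"time": _t("2024-03-04 09:03"), "event_id": 4732, "host": "LAPTOP-17",
     "actor": "j.smith", "target": "svc_backup2", "group": "Administrators"},
    {"time": _t("2024-03-04 10:15"), "event_id": 4732, "host": "DESKTOP-04",
     "actor": "it.admin", "target": "it.admin2", "group": "Administrators"},
    {"time": _t("2024-03-05 14:40"), "event_id": 4732, "host": "DESKTOP-09",
     "actor": "a.jones", "target": "a.jones", "group": "Administrators"},
    {"time": _t("2024-03-05 17:58"), "event_id": 1102, "host": "LAPTOP-17",
     "actor": "j.smith"},
]
APPROVED_ADMINS = {"it.admin", "it.admin2"}  # assumed allowlist of IT administrators

if __name__ == "__main__":
    for finding in find_privilege_abuse(SAMPLE_EVENTS, APPROVED_ADMINS):
        print(finding)
```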

Apply the principle of least privilege

The potential misuse and theft of company data is an increasing problem for many businesses. At CYFOR we have seen a rise in the number of investigations where evidence of suspected data theft has been hidden by employees. This misuse is due to full administrator rights being left on company devices. The best practice is to apply the principle of least privilege, assigning only the permissions that end-users need to perform their required roles.

Corporate forensics expertise

Should you require our expertise, our Corporate Forensic Investigations department is on hand to assist. With a leading reputation across the investigations industry in criminal, civil and internal corporate matters, our standalone Corporate Forensic Investigations proposition marries our unique breadth of advanced capability within Digital Forensics, Cyber Security and eDiscovery.
