The principle of least privilege is the concept and practice of restricting access rights for users, accounts, and computing processes to only those resources necessary to perform legitimate activities.
Applied to employees, the principle of least privilege (POLP) works by allowing only enough access to perform the required job, enforcing the minimal level of user rights, or lowest clearance level, that allows the user to perform their role. However, the principle of least privilege also applies to processes, applications, systems, and devices (such as IoT), in that each should have only those permissions required to perform an authorized activity. Adhering to the principle of least privilege reduces the risk that a malicious internal or external actor gains access to critical systems or sensitive data by compromising a low-level user account, device, or application.
The principle of least privilege can be applied to every level of a system. It applies to end users, systems, processes, networks, databases, applications, and every other facet of an IT environment. For example, an employee whose job is to enter information into a database only needs the ability to add records to that database and does not need admin rights, while a programmer whose main function is updating lines of legacy code does not need access to financial records.
Insider threats are a significant risk and are typically the slowest to uncover. Employees, contractors and other insiders generally benefit from a level of trust by default, which may help them avoid detection should they be actively stealing data or intellectual property, or corrupting systems. This longer time to discovery also translates into more potential for damage. Unlike external attackers, insiders already start inside the perimeter, and they also benefit from knowing where sensitive assets and data lie and how to zero in on them.
With regard to external threats, if an employee clicks a link in a phishing email and malware infects their computer, the attack is limited to what that employee's account can do, in this example making database entries. However, if that employee has extended admin privileges, the infection can spread system-wide.
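The data-entry example above, expressed as PostgreSQL grants (an added example, not code from the original article): the clerk's role receives INSERT on the records table and nothing else, so a phishing infection running under that account cannot read or delete data. The table names `records` and `financial_records`, the sequence `records_id_seq` and the role `data_entry` are assumed, and the statements are run as a superuser or as the owner of the objects.

```sql
-- Added example (not from the original article). Assumed names:
-- tables "records" and "financial_records", sequence "records_id_seq",
-- role "data_entry". Run as a superuser or as the owner of these objects.

-- Start from no access: strip the default rights PUBLIC holds on the schema
-- so every role must be granted exactly what it needs.
REVOKE ALL ON SCHEMA public FROM PUBLIC;
REVOKE ALL ON ALL TABLES IN SCHEMA public FROM PUBLIC;

-- Least-privilege role for the data-entry clerk: may add records, nothing else.
CREATE ROLE data_entry LOGIN PASSWORD 'placeholder-change-me';
GRANT USAGE ON SCHEMA public TO data_entry;
GRANT INSERT ON TABLE records TO data_entry;
-- An INSERT into a table with a serial/identity id column also needs the
-- sequence behind that column, otherwise the insert itself is denied.
GRANT USAGE ON SEQUENCE records_id_seq TO data_entry;

-- Check the boundary from the clerk's point of view. SET ROLE needs superuser
-- rights or membership in data_entry; column names are assumed.
SET ROLE data_entry;
INSERT INTO records (entered_by, payload) VALUES ('clerk', 'new entry');  -- succeeds
SELECT * FROM records;            -- ERROR: permission denied for table records
SELECT * FROM financial_records;  -- ERROR: permission denied for table financial_records
DELETE FROM records;              -- ERROR: permission denied for table records
RESET ROLE;

-- Audit the resulting privileges without switching roles:
-- can_insert is true, can_read_finance is false.
SELECT has_table_privilege('data_entry', 'records', 'INSERT')           AS can_insert,
       has_table_privilege('data_entry', 'financial_records', 'SELECT') AS can_read_finance;
```

The same audit query, run periodically against every application role, is a cheap way to detect privilege creep before it is abused.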
An infamous rogue insider was Edward Snowden, who had administrative access rights while working as a technology contractor for the NSA. His role included such activities as backing up computer systems and migrating data to local servers. However, by abusing his admin privileges and utilising some simple, widely available software tools, including an automated web crawler, Snowden illegally accessed, copied, and then leaked an estimated 1.7 million NSA files. In response to the Snowden breach, the NSA announced the drastic action of eliminating 90% of its system administrators, to limit access and improve its least-privilege posture.