Safeguarding against internal and external threats with Privileged Access Management

By Jonathan Neal, VP Solutions Engineering at Saviynt

The financial industry is no stranger to the threat of cyber attacks. These organisations are lucrative targets for malicious actors because they hold a treasure trove of both personal and commercial information, which can be sold to the highest bidder on the Dark Web. However, criminal gangs are not the only threat to financial organisations; they also need to mitigate internal risks. On occasion, employees or other trusted insiders might seek loopholes in order to perpetrate fraud. More commonly, they might unwittingly gain access to data they are not authorised to see. In both scenarios, the company will find itself in breach of data protection regulations.

Managing insider threats has become more complicated with the increased adoption of cloud services. Today’s users are likely to have more than one digital identity, plus there is a growing proliferation of non-human digital identities to contend with. The sheer number of profiles has become too much of a burden for organisations to manage, at least when they are relying on traditional solutions. To ensure smooth day-to-day operations, financial institutions need smarter ways to rapidly provide and terminate access to network resources, so that only the right people can access the right information, and only during the correct time frame.

To tackle this challenge, institutions are updating their approach to Privileged Access Management (PAM), which has long been an important part of their overall identity management strategies.

PAM refers to the processes, systems or technologies that are deployed to secure, manage and monitor elevated access for both human and machine identities. These identities are particularly complex to manage because, as superusers and/or administrators, they require wider access to infrastructure resources, which comes with additional risks.

When implemented correctly, modern day approaches to PAM do more than prevent unauthorised insider access, regardless of whether it is malicious or unintentional. They also help guard against the use of an increasingly important tool in the cyber underworld’s arsenal: privilege escalation.  This is a key stage in a cyber attack when hackers attempt to gain control of privileged user identities so they can go on to access system controls or high value data.  

Securing top-risk areas

To gain this level of elevated access, criminals typically exploit some type of vulnerability, such as a system bug, misconfiguration or inadequate access controls.  Some attackers will even create fake privileged user identities in order to gain systems access, steal data or eavesdrop on confidential communications.

Gaining a deeper understanding of which areas are most vulnerable to these types of attacks will not only decrease the likelihood of a breach, it will also bolster a company’s overall cybersecurity posture.

Halting privilege escalation attacks

Privilege escalation attacks take many different forms so financial services organisations need to develop a portfolio of defence strategies and tactics. This includes a PAM programme that reduces the number of ‘always-on’ privileged accounts and instead grants elevated privileges on a temporary, as-needed basis.  A successful programme should also simplify privileged access management controls, making it easier to grant, rescind and manage privileges, which is especially important for organisations running complex environments, where they are leveraging the cloud, working with third parties or supporting flexible working practices.

To provide maximum benefit, a PAM programme should work in concert with an organisation’s Identity Governance and Administration (IGA) controls, to provision privileged access in conjunction with the entire identity lifecycle, including provisioning and de-provisioning of identities and accounts. This will keep the number of dormant accounts to a minimum, reducing the likelihood of malicious compromise and making it hard for external hackers to disguise their activity. Furthermore, PAM should enforce the principle of least privileged access, which means admin access is granted with the least possible permission to perform the required task. Reducing access – so that users can only see the data they need to do their jobs and admin rights are restricted to a limited number of individuals – minimises the risk of adversaries gaining boundless access to a company’s entire network, by taking over just one digital identity.

Application access governance is another key defence against attacks relying on privilege escalation. Each application deployed within an organisation will have its own security controls. While this sounds like a positive, it often means that businesses lack a consolidated view of all their applications, so cannot always spot or stop cross-application control violations or Segregation of Duty (SoD) risks, which is when users are granted too many access rights. Not only could this mean users can access data they are not authorised to see, in the financial sector it could open the door to fraud. Application access governance tools overcome this challenge by providing granular visibility into all application security models. Together, these best practices will ensure that any suspicious insider activity is detected and addressed quickly, preventing threat actors from exploiting access privileges.

Conclusion

Digital identities are in a state of constant flux, ebbing and flowing along with employee changes within the organisation, and because of the shift in application, device and cloud usage. Identity security must evolve to keep up.

The stakes are high for financial institutions. Risking any type of cyber security breach due to a simple oversight is not an option. These companies must find robust methods to manage both internal and external risks, including insider threats and privilege escalation attacks.

PAM is emerging as a critical solution for financial services organisations, as it enables them to seize control of who can access their systems, and when. In addition to stopping unauthorised insiders, it bolts the door on external attackers, preventing them from capturing high value information.