This article follows on from an article I wrote last week – Why the “Principle of Least Privilege” works and something for free…. If you want the something for free, then you had better read that article first!
Part 1 is here “What the “Principle of Least Privilege” does for your cyber security?” – in it we looked at two benefits that not only strengthen your cyber security but also have a positive impact on your business operations. In this part we are going to discuss some of the real cyber security benefits.
The Principle of Least Privilege Shrinks the Attack Surface
What does this mean? Threat actors are always looking for a way in, for example by trying to exploit a flaw in software or hardware, or by trying to use a set of credentials they have compromised. It follows that if you can reduce the hacker’s options when it comes to your systems, then your cyber security improves. If your users have limits on what they can access, then if they or their machines become compromised, the hacker’s access also has limits.
The Principle of Least Privilege Limits the Spread of Malware
That leads nicely into the last benefit I want to look at today. If your users and their computers have managed limits on what they can access and execute on your systems, then in the event of a malware infection, that too is limited in its ability to spread across your systems. Specifically, you should consider limiting the administrator rights on the organisation’s computers.
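One way to check how widely administrator rights are held on a Windows computer, as an added example that is not part of the original article: the script below lists members of the local Administrators group that are not on an approved list. The names in `$Approved` and the function name `Get-UnexpectedLocalAdmin` are assumptions made for illustration.

```powershell
# Constructed allowlist (assumption): the only principals meant to hold
# local administrator rights. Replace these with your own names.
$Approved = @('EXAMPLE\Workstation-Admins', 'EXAMPLE\Domain Admins')

# Hypothetical helper: returns every member of the local Administrators
# group that is neither the built-in local Administrator nor allowlisted.
function Get-UnexpectedLocalAdmin {
    param([string[]]$Approved)

    # S-1-5-32-544 is the well-known SID of the built-in Administrators
    # group, so the lookup does not depend on the Windows display language.
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop

    foreach ($m in $members) {
        # The built-in local Administrator account always has RID 500.
        $isBuiltIn = ($m.PrincipalSource -eq 'Local') -and
                     ($m.SID.Value -match '-500$')
        # -contains compares names case-insensitively.
        if ($isBuiltIn -or ($Approved -contains $m.Name)) { continue }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Member   = $m.Name
            Type     = $m.ObjectClass       # User or Group
            Source   = $m.PrincipalSource   # Local, ActiveDirectory, ...
        }
    }
}

$findings = @(Get-UnexpectedLocalAdmin -Approved $Approved)
if ($findings.Count -eq 0) {
    Write-Output 'No unexpected members in the local Administrators group.'
} else {
    $findings | Format-Table -AutoSize
}
```

The script only reads group membership and changes nothing; each row it reports is an account or group whose administrator rights should be justified or removed.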
Where the Principle of Least Privilege Will Not Help You!
I am sure you can all spot the weakness in PoLP but let me state it anyway. If one of your trusted people who has access to your most valuable and most sensitive systems and information is compromised, then the hackers and the malware will also gain this trusted access.
There are very few ways to completely stop this problem. You have to have trust somewhere in your organisation for things to work – I have seen one company where the owner kept everything to themselves, but that means they were still trusting themselves and that leads to other issues – so your best answer lies with monitoring these trusted users, credentials and systems.
That is where our Security Operations Centre (SOC) comes in. It monitors, reports and responds 24 hours a day, seven days a week all through the year, quickly giving your IT and Cyber Security support the heads up to potential compromises and issues. This allows them to respond before the breach becomes an enormous problem.
I have written about our SOC here:
Our Security Operations Centre is Online
And Ben has a real world example of the SOC protecting our credentials and systems here:
But better still, why not come along to our webinar, where industry specialist John O’Mahony will describe the benefits to you of leveraging this type of corporate level cyber security at a price affordable to any small organisation that wants to take its cyber security seriously.
Clive Catton MSc (Cyber Security) – by-line and other articles
Images by Microsoft Copilot