Most organizations do not have the staff or experience to remove administrative rights.
A record number of Microsoft vulnerabilities were discovered last year and most could have been mitigated by removing administrative rights.
That’s according to BeyondTrust’s new Microsoft Vulnerabilities Report, which includes an annual breakdown of security vulnerabilities facing organizations today, as well as a five-year trends analysis aimed at better equipping organizations to increase their IT security, and keep networks and systems safe.
Morey Haber, BeyondTrust’s CTO and CISO, tells us it’s a safe assessment that most organizations do not have the staff or experience to remove administrative rights, implement least privilege and report on risks accordingly.
“In general, most businesses lack the IT/IS staff to get all of their risks under control, period,” he said. “The report highlights the benefits of when administrative rights can be removed and if a business cannot do it themselves, leveraging an MSSP with experience across multiple organizations provides a robust strategy to realizing the benefits highlighted in the report.”
Now in its seventh edition, this year’s report identified the following highlights:
Further analysis shows that, on average over the last five years, 83% of all critical vulnerabilities published by Microsoft could have been mitigated by security teams removing administrative rights from users, according to the report.
“Most organizations are not removing administrative rights due to FUD (fear, uncertainty and doubt),” Haber said. “They are under the impression everything will break and [the] end user will revolt if they do. In addition, they may be unaware of the security benefits they gain if they do. So most organizations continue to make the same mistakes they have done in the past and even follow obsolete security guidance of providing users two accounts: one as a standard user and one as a local administrator. The truth is, there are tools to solve this problem – even within the native OS – that make the removal of administrative rights possible. IT/IS teams just need to learn how to do it safely and without impacting productivity.”
Removing administrative rights is a top priority, and even analyst firms like Gartner have been recommending privileged access management as a CISO top priority, he said. It is up to the business to embrace the concepts, and implement technology and procedures to overcome the challenges. Therefore, it is not a matter of priority, but rather just getting it done, Haber added.
“Threat actors are always searching for the easiest method to exploit a resource,” Haber said. “The vulnerabilities themselves may be trivial, but if a threat actor can gain administrative rights through exploit code, phishing or even poor credential management, they will compromise an asset. Therefore, it is in the hacker’s best interest to find any method possible to hack a system and then leverage credentials to continue their activity.”
There has been a slight decrease in the number of vulnerabilities that can be mitigated through the removal of administrative rights, he said. In addition, key applications are also highlighted, proving that if they are not executed with administrative rights, document vulnerabilities are mitigated as well. This is yet another reason people should not …