Remove Admin Rights from Users to Prevent Insider Hacks

By Russell Smith | 07.25.2017 | Data Security


According to Verizon’s 2017 Data Breach Investigations Report, 25% of data breaches involve insiders. In 60% of cases, insiders take data to sell later, and in 15% they take it to a new employer or use it to start a rival company. Data theft doesn’t necessarily require any technical skill if users already have access to the information they need. It can be detected or prevented by logging, by monitoring large data transfers and removable USB devices, and by blocking access to websites that might facilitate data leakage.

It’s also interesting to note that 62% of data breaches involved hacking. Pass-the-Hash attacks are easily achieved on PCs where users have local administrative privileges, allowing hackers to leapfrog between systems, stealing privileges that provide access to domain controllers and other sensitive servers.

Even if you think that an insider hack in your organization isn’t likely, hackers rely on your indifference to piggyback off honest users working with poorly secured devices. Then there are ‘power users’ who demand administrative access to devices, even when there’s no business reason for it, and who have enough knowledge to be dangerous. While these users aren’t necessarily hackers, they are often the source of accidental and intentional ‘insider misuse events’ that lead to security breaches.

Securing Windows 10

Microsoft recently announced Windows 10 S, a new Windows 10 SKU that is designed to take on Google Chromebooks in the education sector and beyond. But why have Chromebooks become a popular alternative to Windows in the SME and education spaces? Price is one reason, but there is another key differentiating factor.

Users don’t have administrative access to Chrome OS, and can only run apps in the supplied browser. In the case of Windows 10 S, there’s also the option to download apps, but only from the Windows Store. This model provides a more secure and reliable experience, and performance doesn’t deteriorate as applications get installed and removed. Windows 10 S is aimed at home users, education, and business users that need a robust and secure experience with little or no IT support.

Windows 10 Pro and Enterprise editions make it easier than ever to remove admin privileges from end users. Even if your organization doesn’t use System Center Configuration Manager, Windows Update for Business and Windows Store for Business enable simpler management of OS and apps with less investment in infrastructure.

But in the real world, it’s not always possible to remove admin privileges. And in those cases, Microsoft Windows 10 Enterprise Credential Guard uses Virtualization Based Security (VBS) to segregate domain credentials from local administrators. It’s also important to ensure that domain admin accounts are audited and restricted to use on domain controllers.
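
As a starting point for the steps described above, the following added example (not from the original article or from Lepide) lists who holds local administrator rights on a Windows 10 PC and reports whether Credential Guard is running. The function names are hypothetical, and treating only the built-in Administrator (RID 500) and Domain Admins (RID 512) as expected members is an assumption to adjust to your own policy.

```powershell
# Added example: audit local admin membership and Credential Guard on one PC.
# Function names are hypothetical; the "expected" member list is an assumption.

function Get-LocalAdminAudit {
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup works regardless of the OS display language.
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544'

    foreach ($m in $members) {
        $sid = $m.SID.Value
        # Assumption: RID 500 (built-in Administrator) and RID 512 (Domain Admins)
        # are the only members expected by default on a domain-joined PC.
        $expected = $sid -match '-(500|512)$'
        [pscustomobject]@{
            Computer        = $env:COMPUTERNAME
            Name            = $m.Name
            ObjectClass     = $m.ObjectClass       # User or Group
            PrincipalSource = $m.PrincipalSource   # Local, ActiveDirectory, ...
            SID             = $sid
            Review          = -not $expected       # candidate for removal
        }
    }
}

function Get-CredentialGuardState {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard'
    [pscustomobject]@{
        Computer               = $env:COMPUTERNAME
        # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled, 2 = running
        VbsRunning             = $dg.VirtualizationBasedSecurityStatus -eq 2
        # SecurityServicesRunning contains 1 when Credential Guard is running
        CredentialGuardRunning = $dg.SecurityServicesRunning -contains 1
    }
}

# Members that need review are listed first.
Get-LocalAdminAudit | Sort-Object Review -Descending | Format-Table -AutoSize
Get-CredentialGuardState | Format-List
```

Rows with `Review` set to `True` are the accounts and groups to justify or remove before migrating users to standard accounts.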

If you decide to remove admin privileges from users in your organization, LepideAuditor can help determine how privileges are being used so that you can plan an orderly migration to a more secure environment.

