- Published: 08 July 2012
- Written by NStinchcombe
Manchester UK and Boston USA, 9th July 2012 – Recent reports on the theft of over half a million financial card details by hackers, could have been avoided if data security had been multi-layered believes Avecto.
The Dark Reading newswire reported on a screen-scraping malware infection being investigated by US authorities at the Wyndham Worldwide chain of hotels. Avecto believes that allegations of lax security within the hotel chain is only part of the story.
“Organisations with vast numbers of staff dispersed across multiple premises face major issues designing and implementing multi-layered security systems that can protect data at all times.” Commented Paul Kenyon, chief operating officer with the Windows privilege management specialist.
“We’ve found that in this scenario, serious security vulnerabilities occur when users are given admin rights and do not regularly connect to the domain. The system is still at risk even with regular group policy updates deployed and anti-virus software installed, working alongside other controls because users with admin rights can over-ride these controls,” he added.
The solution, Avecto believes, is to deploy an extra layer of security whereby all users on the system operate under a standard user account and privileges are then assigned to applications - and tasks - through security policies. Assigning privileges directly to the applications that require them, further protects the IT environment, as the damage caused by a security breach is significantly minimised.
“The analogy I would draw here is the difference between a thief being able to gain out-of-hours access to a bank lobby where secure cash machines are located, and gaining access to the staff area of the bank. While the former scenario is not ideal, the damage a thief can carry out is minimal. With the latter, it’s a recipe for disaster.” he said.
“It’s the same with data and systems access. With effective privilege management and application elevation, even if the data thief does break through the outer layer of defences, the internal layers will help keep them in the electronic equivalent of the bank lobby,” he added.
In the case of Wyndham Worldwide, technology such as Avecto’s Privilege Guard software could have significantly reduced the risk for the hotel chain.
“Modern security is about reducing the risk profile of the data and the systems that process that data. In today’s multi-vectored hacker attack environment you can never remove security risks entirely, but commonsense tells us that reducing your risk profile also decreases the risk of a data breach – and that has to be a positive step,” he concluded.
For more on Avecto: http://www.avecto.com
For more on the Dark Reading editorial on the latest FTC data breach investigation: http://bit.ly/LC0l3v