• Home
• News
  • Business Continuity News
  • Regional news
  • Sector news
  • Events Diary
  • Newsletters
  • Newsfeed
• Jobs
• Topics
  • BC: Facilities & Buildings
  • BC: General
  • BC: Markets & Companies
  • BC: Plan Development
  • BC: Software
  • BC: Statistics
  • BC: Testing & Exercising
  • Crisis Comms & Management
  • Critical Infrastructure Protection
  • Disaster Recovery
  • Emergency Management
  • Enterprise Risk Management
  • Operational Risk Management
  • Pandemic Planning
  • PS Prep
  • Standards
  • Terrorism
• Technology
  • Cloud Computing
  • Data Center / Centre Issues
  • ICT Continuity
  • Information Security
  • Recovery Facilities
• BC Store
• Journal
  • About the BC & Resiliency Journal
  • Latest papers
  • Subscribe
• Resources
  • Webinars
  • BC software directory
  • Newsfeed
  • Twitter
  • Advanced BC information
  • Advanced ICT information
  • Basic BC information
  • Basic ICT information
  • How to advertise
  • About us
  • Contact us
  • Privacy
• Training

Sign up for Continuity Briefing
Never miss a news story: signup for our free weekly email newsletter.

REGIONAL PORTALS
Continuity Central currently offers three regional business continuity portals:
North America
United Kingdom
Asia Pacific / Australasia

Use Google? Click the button to add Continuity Central news to your Google home page.
Get immediate news and information updates via our Twitter feed.

Mitigating the impacts of social engineering attacks

Commenting on recent reports which assert that cybercriminal social engineering attacks are now targeting IT admins and even call centre staff - Avecto says that a least privilege approach to security is the key to solving this issue.

Paul Kenyon, chief operating officer with the Windows privilege management specialist, says the real reason why cybercriminals are targeting the IT support function is the immense power that staff in these areas have - thanks to the admin accounts they have access to.

“Many of these staff are using what security professionals call privileged accounts - that is, admin accounts that can carry out a number of high-end tasks, which the more mundane user accounts do not normally have access to. If unnecessary privileges are removed from these accounts, this lowers the security risk involved,” he said.

“It’s important to understand that, where IT admins and least privilege are concerned, it’s not about taking rights and privileges away – it is about protecting their privileged identity, empowering them to make conscious decisions on when those privileges are used, and monitoring all privileged activity for signs of misuse or exploitation,” he added.

The Avecto COO went on to say that the advantage of adopting a least privilege/least risk security posture with admin account privileges is that the security advantages also transfer over to the servers these IT admins control.

The process of removing unnecessary privileges from the admin account arena, he explained, comes down to adopting an effective audit and governance strategy, which in turn reduces risk and increases efficiency.

“It’s important to understand that, if you reduce the privilege on high-end accounts, you do not impair operational efficiency. You do, however, reduce the level of risk in an organization – and that’s a great situation to be in,” he said.

http://www.avecto.com

•Date: 17th August 2012 • World •Type: Article • Topic: ISM

Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.