Bytes Cyber Journal: Entry 5 - Protecting Your VIPs
Friday 24th May 2024
Protecting Your VIPs
How to prevent your VIP from becoming a VAP (Very Attacked Person!)
Let’s be honest, VIPs are special and should be treated as such. The VIPs in your organisation might not be walking the red carpet, or securing trade deals with allies around the world, but they’re important to you! Your VIPs are your C suite, your privileged users, your bearers of keys to your kingdom. They have specific needs, they aren’t a standard user, or sometimes they just want to work in their own way (and you can’t say no when they are the CEO, right?!).
In this blog, we will explore how to delicately handle these out-of-the-ordinary types of users, while keeping your organisation secure from the threats specific to these VIPs. We will review techniques such as just-in-time (JIT) privilege elevation, targeted and contextual user awareness training (UAT), and creating bespoke policies to step-up protection for these highly targeted individuals when time is of the essence.
The Challenge
Love them or hate them, VIPs require a different approach, so let’s explore a few different character types. There’s the C-level, difficult to say no to, often don’t want to be constrained in the ways in which they can get their job done. They can be frequent flyers, which presents a different set of challenges with managing their access and IT assets from different geographies. They can also be very time-sensitive; these are busy individuals so you may need to prioritise their requests.
Then there’s the privileged users; not always a person of authority but one that attackers love to go after. The reason is obvious: they have access to applications, infrastructure, and key assets that others do not. These users require very specific types of control and protection, such as PAM (privileged access management) tools, which we’ll touch on a bit later in this blog.
Lastly, there are numerous individuals around the business that would be prime targets for attackers, such as finance controllers or heads of department (marketing is a great example here; imagine the damage to your brand if that individual was compromised!).
What To Do Next
The challenge is broad, and so are the solutions. We’ll touch on a few here, but this is by no means an exhaustive list. If you’re left wanting more after this blog, you’ll find the details to reach out to us at the bottom of this post. Firstly, I’d like to acknowledge human beings as our weakest link, as has been the case forever. It’s hardly surprising in today’s world of AI and automation, add in that element of human input and there is always an opportunity for human error. Because of this, user awareness training (UAT) has never been more important. As it happens, it’s also never been so advanced as it is today.
Now we can focus on the users that we have identified as being currently targeted (by phishing, social engineering, credential compromise, etc.) and provide them with contextual awareness training, in real-time.
This targeted approach prevents UAT from becoming an annual tick-box exercise, with the content being far more engaging these days too.
Next, I want to highlight privilege elevation, specifically Just-in-Time (JIT) privilege. This would naturally apply to your privileged users, but also to your C-level suite; if you want to take this to the extreme, you can (and perhaps should) explore Endpoint Privilege Management (EPM) too. JIT privilege elevation allows us to respond to requests for access in the moment, automating wherever possible but also enabling visibility for the right set of eyes on each request. By not relying on standing privileges, by getting closer to a position of least privilege across the organisation, you can mitigate the associated risks of privilege compromise.
My final point surrounds stepping up protection for highly targeted individuals, which will often be your VIPs (or your careless users, the subject of another blog in this series). Again, a bit like how standing privilege is a bad idea, so is security for the sake of security; we don’t want security to be seen as a blocker, persistent users will find ways to avoid it.
This is why step-up protection is so powerful because we’re applying higher controls in the moment, where it’s appropriate to do so.
An example of this would be increasing MFA (multi-factor authentication) requirements on a user or group of users that we are seeing as being actively targeted for account compromise, as they’re highlighted by your email tool as being a ‘Very Attacked Person’. Another example leans on integrations between security tooling, where your EDR tool, for example, may pick up on suspicious behaviour from a user. It will then send a prompt to your Identity tool to ask again for login credentials, or to your network tool to restrict access to assets until the identity is re-confirmed.
How Bytes Can Help
As you see, there are multiple angles to consider when looking to protect your VIPs. I’ll summarise a few of them for you here.
JIT privilege elevation for your privileged users (or all of them!)
This considered approach to privilege management can be achieved with most market-leading PAM tools. Not only will it help you keep better tabs on the levels of privilege across your estate, but it will also enable you to dynamically assign privileges in complex, multi-cloud environments. Bytes are perfectly positioned to help you explore the options available, and to highlight the often nuanced differences.
Enhance your user awareness training program
UAT doesn’t have to be dull, and you should absolutely get tangible value from rolling out a comprehensive program. By better preparing our users, we’re essentially strengthening the weakest link in our chain, denying the attackers an easy route in. This can be distributed on a periodic basis, and better yet, as and when we identify that a user requires additional training. This could be because they clicked on a link they shouldn’t have (we’ve all done it…), because they’re being actively targeted, or because they’ve changed roles within the business and are now subject to different risks.
Integrate, step-up and automate
This last point is hugely important: integrations, automation, and appropriate security controls are the key to adding a force multiplier to your security efforts. There are dozens, if not hundreds, of fantastic integrations on the market that make your security investments more than the sum of their parts. If we can streamline the end user experience and reduce the number of helpdesk tickets raised at the same time, that’s got to be counted as a win!
Thank you for reading.
If you have any questions, or would like to learn about any of the content covered in this blog, please email our friendly team via [email protected]
Want to keep informed? Sign up to our Newsletter