Why governments need an effective access management strategy [Q&A]
Governments and data make for a complex relationship. In some cases, agencies are obligated to make information publicly accessible. In others, sensitive data is highly regulated and therefore needs to be protected to keep it out of the public domain.
With key information changing hands internally via various departments and externally via third parties, it's vital that government agencies can access systems and share data securely -- particularly given increases in cyberattacks.
According to the UK Government Cyber Security Strategy: 2022 to 2030 policy paper, four in 10 incidents managed by the National Cyber Security Centre (NCSC) in the year ended August 2021 were aimed at the public sector.
We spoke to Graham Hawkey, PAM specialist at Osirium, to discuss the key threats associated with access management, and how governments can implement solutions that ensure systems and information can be safely accessed.
BN: What are the threats associated with users accessing government systems?
GH: It's important to note that breaches and cyberattacks often begin with employees.
Verizon's latest Data Breach Investigations Report reveals that human error is a contributing factor to four in every five breaches, with staff continuing to be susceptible to social engineering attacks and privileged access misuse.
Privileged access threats are particularly dangerous. Typically defined as 'administrators', accounts with privileged access can create, add or remove other users, install software, change system settings, access sensitive databases, and more.
Normally this isn't a problem. Yet in the wrong hands, powerful government credentials can be abused.
BN: In what ways can powerful credentials be abused?
GH: Typically, this level of access isn't an issue. However, in the wrong hands, powerful government credentials can be abused and misused.
Disgruntled insiders, for example, can easily gain access to and leak, share or delete government intelligence and other sensitive data. Further still, technically savvy cybercriminals may shut down critical services and infrastructure, placing national security under threat.
The impacts of a single, successful cyberattack against even one public sector agency can be catastrophic. Back in 2017, for example, a ransomware attack on the UK National Health Service resulted in losses of £92 million and the cancellation of 19,000 NHS medical appointments in the space of just one week.
BN: Are privileged access breaches always intentional?
GH: The threats associated with privileged access aren’t only driven by malicious actors.
Unfortunately, staff with privileged credentials aren't always educated on cybersecurity best practices, leading to situations in which they unknowingly make mistakes and put sensitive data at risk.
Further, third parties who may also have privileged access represent a similar threat -- something that is becoming increasingly concerning.
Supply chain attacks are another cause for concern, as the infamous SolarWinds attack uncovered back in 2020 shows. Here, hackers broke into the software provider’s network, injecting malicious code into a routine software update that was then sent out to its service users, compromising the systems of more than 18,000 companies, including 425 of the Fortune 500 firms and key US government agencies.
BN: How can an effective privileged access management strategy be achieved?
GH: The key to combating the threats stemming from privileged accounts is eliminating an 'access all areas' mentality. Today, governments need to ensure all employees and third parties can safely access IT systems and protect valuable data from attack without impeding productivity.
Thankfully, this can be achieved with relative ease by leveraging the right combination of expertise and technologies.
With Privileged Access Management (PAM), organizations can ensure all users are provided with the right level of access and permissions required to complete work-related tasks. Further, they can also use Privileged Process Automation (PPA) to automate repetitive tasks such as updating permissions for company leavers to eliminate errors. And finally, with Privileged Endpoint Management (PEM), they can also remove historically enabled local admin rights without exacerbating helpdesk requests.
With governments increasingly at risk of both malicious attacks and accidental data leaks, limiting access to necessary systems and data must be prioritized. Therefore, solutions such as these are no longer a nice-to-have. Today, they are a must-have.