Earlier this year, attackers compromised Mailchimp, a popular SaaS email marketing platform. They viewed over 300 Mailchimp customer accounts and exported audience data from 102 of them. The compromise began with a successful phishing attempt against a Mailchimp employee, and the access it gave was then used to launch a malicious attack against end users of a Mailchimp customer.

Three months later, Mailchimp suffered another attack. Another employee's account was compromised after a successful phishing attempt.

Although the identities of the compromised Mailchimp accounts have not been released, it is easy to see what role user privilege settings played in the attack. Once the threat actor was inside the system, the compromised account had enough access to use internal tools to find the data it was looking for. The attack ended when the security team revoked that user's access, but the data that had already been downloaded remained in the attacker's hands.

Enforcing user rights through Role-Based Access Control (RBAC) could have greatly reduced the damage of the breach. Had the principle of least privilege been enforced, the compromised account might not have had access to the internal tools used in the attack. Restricted access might have prevented the attack entirely, or at least limited the number of affected customer accounts to far fewer than the 102 from which data was ultimately exported.

Why Are User Permissions Important?

SaaS user permissions let app owners restrict the resources a user can reach and the actions they can take, based on the user's role. This model is called RBAC: each role bundles a set of permissions, such as read or write access to particular resources, administrative rights, or a level of access to corporate data, and users receive permissions by being assigned roles rather than one permission at a time.

Why Is There a "Principle of Least Privilege"?

The principle of least privilege is an important security concept: each user is granted only the minimum access needed to do their job. In effect, it reduces the attack surface by confining high-level access to a few privileged individuals. If a low-privileged user's account is compromised, the attacker inherits only that user's limited access and cannot reach the sensitive data held within the application.

How Important Are User Privileges to Security?

App admins often give team members full access, especially when the group of users is small. Business users who are not security experts are not always aware of the risks involved in granting these permissions, and they generally prefer granting full permissions up front to being asked for specific permissions later.

Unfortunately, this practice puts sensitive data records at risk. User permissions define what data is exposed in the event of a breach: when data sits behind a permission set, an attacker who takes over a user's identity is limited to the data that user could reach.

Loose user rights also make automated attacks easier. When many users hold rich API privileges, a criminal who compromises any one of them can script ransomware deployment or data theft through the SaaS app's API.
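The RBAC model, the least-privilege rule and the blast-radius point made in the sections above, as an added example in Python (this is not code from the original article, from Mailchimp or from any SSPM product): roles bundle permission strings, users hold roles, authorization is deny-by-default, one helper picks the smallest role that still covers a job, and another computes which sensitive permissions an attacker would inherit from a phished account. The role names, the permission strings and the SENSITIVE set are assumptions constructed for this illustration.

```python
"""Minimal role-based access control (RBAC) model for a SaaS app.

Added example; not code from the original article or from Mailchimp.
Role names, permission strings and the SENSITIVE set are assumptions
constructed for illustration.
"""
from dataclasses import dataclass

# Permissions are "resource:action" strings. Roles bundle permissions;
# users are assigned roles, never individual permissions (assumed scheme).
ROLES = {
    "viewer":        {"campaign:read"},
    "editor":        {"campaign:read", "campaign:write", "audience:read"},
    "support_agent": {"account:read", "campaign:read"},
    "admin":         {"campaign:read", "campaign:write", "audience:read",
                      "audience:export", "account:read", "account:write",
                      "user:manage"},
}

# Permissions whose misuse means a reportable data breach (assumption).
SENSITIVE = {"audience:export", "account:write", "user:manage"}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset


def effective_permissions(user: User) -> set:
    """Union of the permissions granted by every role the user holds.

    Unknown roles raise rather than silently granting nothing, so a typo in
    a role assignment is caught instead of hidden.
    """
    perms = set()
    for role in user.roles:
        if role not in ROLES:
            raise ValueError(f"unknown role {role!r}")
        perms |= ROLES[role]
    return perms


def is_authorized(user: User, permission: str) -> bool:
    """Deny-by-default check: True only if some role grants the permission."""
    return permission in effective_permissions(user)


def least_privilege_role(required: set) -> str:
    """Pick the role with the fewest permissions that still covers `required`.

    This is the least-privilege rule applied at assignment time: give the
    user the narrowest role that lets them do their job.
    """
    candidates = [r for r, perms in ROLES.items() if required <= perms]
    if not candidates:
        raise LookupError(f"no single role covers {sorted(required)}")
    return min(candidates, key=lambda r: len(ROLES[r]))


def exposed_on_compromise(user: User, sensitive: set = SENSITIVE) -> set:
    """Blast radius: sensitive permissions an attacker inherits by phishing this account."""
    return sensitive & effective_permissions(user)


if __name__ == "__main__":
    agent = User("support agent", frozenset({"support_agent"}))
    everyone_is_admin = User("small team, full access", frozenset({"admin"}))
    for u in (agent, everyone_is_admin):
        print(f"{u.name}: export allowed={is_authorized(u, 'audience:export')}, "
              f"blast radius={sorted(exposed_on_compromise(u))}")
    print("role for a campaign editor:",
          least_privilege_role({"campaign:read", "audience:read"}))
```

The two users in the `__main__` block contrast the article's scenarios: the narrowly scoped support agent yields an empty blast radius when phished, while the "everyone is admin" shortcut hands the attacker audience export, account writes and user management in one go.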

Why Do User Access Reviews Matter?

A user access review is essentially an audit of users and their access. Security team members and app owners can see the level of access each user has and adjust permission levels as needed.

This helps identify users who have changed roles or teams within the organization but still carry permissions they no longer need, and it surfaces accounts whose permissions or activity deviate from what their role requires, so that suspicious behavior can be contained. It matters because it shows the security team which of the organization's own users present risk. It also identifies former employees who still have access, often with high privileges.

Access reviews should occur at specified intervals so that unnecessary permissions are caught within a bounded time window.
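The three review findings described above (users who changed teams but kept old roles, dormant privileged accounts, and former employees still holding access), as an added example in Python that is not part of the original article and not the output of any SSPM product. It runs over a constructed user export; the field names, the department-to-role mapping, the 90-day dormancy threshold and the sample accounts are all assumptions made for this illustration.

```python
"""Automated user access review over a SaaS app's user export.

Added example, not from the original article or any vendor product.
The USERS records are constructed sample data; the field names, the
department-to-role mapping, the 90-day dormancy threshold and the
"privileged" role set are assumptions.
"""
from datetime import date, timedelta

# Roles each department is expected to hold (assumed policy for the example).
EXPECTED_ROLES = {
    "marketing": {"editor", "viewer"},
    "support":   {"support_agent", "viewer"},
    "it":        {"admin", "viewer"},
}
PRIVILEGED_ROLES = {"admin", "support_agent"}
DORMANT_AFTER = timedelta(days=90)
TODAY = date(2022, 11, 1)  # review date for the sample run

# Constructed sample export, not real accounts.
USERS = [
    {"email": "ana@example.com", "department": "marketing", "roles": {"editor"},
     "status": "active", "last_login": date(2022, 10, 28)},
    # Moved from support to marketing but kept the support role.
    {"email": "ben@example.com", "department": "marketing", "roles": {"support_agent", "editor"},
     "status": "active", "last_login": date(2022, 10, 30)},
    # Offboarded months ago but never deprovisioned in the SaaS app.
    {"email": "cy@example.com", "department": "support", "roles": {"admin"},
     "status": "terminated", "last_login": date(2022, 6, 1)},
    # Admin role on an account nobody has used for half a year.
    {"email": "dee@example.com", "department": "it", "roles": {"admin"},
     "status": "active", "last_login": date(2022, 5, 2)},
    {"email": "eve@example.com", "department": "support", "roles": {"viewer"},
     "status": "active", "last_login": date(2022, 10, 31)},
]


def review_access(users, today=TODAY):
    """Return (email, finding) pairs that a reviewer should act on.

    Checks, in order: offboarded users that still hold roles, roles a
    department is not expected to hold (role drift after a team change),
    and privileged roles on accounts that have not logged in recently.
    """
    findings = []
    for u in users:
        roles = set(u["roles"])
        if u["status"] != "active":
            if roles:
                findings.append((u["email"],
                                 "offboarded user still holds roles: " + ", ".join(sorted(roles))))
            continue  # nothing else to check once the account should be gone
        unexpected = roles - EXPECTED_ROLES.get(u["department"], set())
        if unexpected:
            findings.append((u["email"],
                             f"roles {sorted(unexpected)} not expected for department {u['department']}"))
        idle_days = (today - u["last_login"]).days
        dormant_privs = roles & PRIVILEGED_ROLES
        if idle_days > DORMANT_AFTER.days and dormant_privs:
            findings.append((u["email"],
                             f"privileged roles {sorted(dormant_privs)} unused for {idle_days} days"))
    return findings


def flagged_emails(users, today=TODAY):
    """Distinct emails with at least one finding, in export order."""
    seen = []
    for email, _ in review_access(users, today):
        if email not in seen:
            seen.append(email)
    return seen


if __name__ == "__main__":
    for email, finding in review_access(USERS):
        print(f"{email}: {finding}")
```

Running it on the sample export flags ben (role drift), cy (terminated but still an admin) and dee (dormant admin), and leaves ana and eve alone. The same loop is what a periodic review automates; an SSPM tool differs in running it continuously against live data rather than against a dated export.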

Conclusion

User rights are an often misunderstood security feature. Managed properly, they protect your organization from both external attacks and internal data-sharing mistakes.

SSPM solutions like Adaptive Shield enable effective user rights management, giving security personnel and app owners a clear view of the scope of each user's permissions and of that user's SaaS security hygiene.

This real-time view of a user is far more effective than a periodic user access review, which only provides a snapshot of user privileges at a given point in time.