Employees have admin rights on their computers beyond what they need. Password re-use is commonplace both at work and at home.
In addition, is the struggle of timely management of user accounts, including the retiring of non-active accounts or those of departed employees or updating the appropriate privileges of users, increasing cybersecurity risks for councils.
Privileged access is central to almost every security incident and breach today—from establishing an initial foothold, to lateral movement to escalating rights. According to Forrester, 80% of data breaches involve privileged accounts.
A recent report by the NSW Auditor General highlighted the common challenges faced by local councils when it comes to privileged access:
Over half of local councils did not monitor privileged accounts' activity logs.
More than a third of councils did not perform a periodic user access review to ensure users’ access to key IT systems are appropriate and commensurate with their roles and responsibilities.
For councils looking to improve their privilege access management there are several steps that they can take, including: