The digital platform Block (formerly called Square) has confirmed a data breach involving a former employee who downloaded reports from Cash App. While the situation leaves many questions unanswered, the organization’s flaw is not as uncommon or shocking as many readers might think.
According to cybersecurity evangelist and Zero Trust expert Raj Dodhiawala, president of Remediant, there are numerous ways that this could have occurred, one of which is unrecognized privilege sprawl. Dodhiawala says this is a factor that all companies should have top of mind.
In the context of the Block issue, Dodhiawala outlines to Digital Journal what companies should do to mitigate these preventable breaches.
Beginning with the incident, Dodhiawala explains: “While investigations of the Cash App breach are underway, leaving many unanswered questions on the ‘how’ this happened — it’s actually not as shocking to hear that it has, as some may think. In fact, there are numerous ways that this could have occurred, one of which is due to unrecognized privilege sprawl — a factor that all companies should have top of mind.”
Providing more detail as to the technicalities of the issue, Dodhiawala states: “Privilege sprawl is the always-on, always-available administrative access. It occurs when administrative, or special rights to a system, have been over-provisioned and granted to too many people within an organization.”
Dodhiawala points to some specific weaknesses: “Company admins need access of course, but the 24x7x365 standing privileges that come with the ‘always-available’ approach are what get companies into hot water today, compounded by access that isn’t de-provisioned when it really should, as the breach with the Cash App illustrates.”
Delving deeper: “Whether related to lax procedures, a lack of consistent oversight, or the fear of causing disruption to established processes, the proper de-provisioning or termination of privileged access is often neglected or mismanaged, including when a person exits a company.”
Dodhiawala adds: “Unfortunately, this is an issue growing in the dark of companies, quietly amassing to significant proportions and key to successful lateral movement attacks, which they don’t even realize until it’s too late.”
In terms of recommendations, Dodhiawala says: “For those looking to address privilege sprawl, it’s important that they implement a ‘Just-in-Time’ approach with multi-factor authentication (MFA). This grants privileges only as needed for a set amount of time, and minimizes the sprawl that ultimately exposes companies to potential breaches.”