As such, when users are ‘over-privileged’ in terms of rights and permissions there is an even greater danger that they will be empowered to do far more damage to an organization if they fall victim to such a phishing attack or other malware infection.
Within the IT team, unplanned changes, bypassing any change control, can cause operational performance and security issues.
Therefore the best approach is to accept that human beings are fallible and will make mistakes and to recognize that checks and balances are going to be essential. Best practice based security standards require the use of file integrity monitoring, audit log analysis, and vulnerability scanning to head off problems.
File Integrity Monitoring (FIM) is advocated as an essential security defense by all leading authorities in security best practices, such as NIST and the PCI Security Standards Council; it will ensure that a secure, hardened build standard is maintained at all times and, if there any changes in underlying core file systems (such as when an unwittingly phished employee introduces malware), this will be reported in real-time.
The fact is that every business is at risk at all times and defenses and detection mechanisms must be implemented, the time to act is now.