A pioneering researcher from the University of Huddersfield has introduced innovative software aimed at countering a prevalent cybersecurity threat identified as ‘permissions creep.’
Dr Parkinson, a senior lecturer in Computer Science with expertise in cybersecurity, has developed ‘Creeper,’ leveraging machine learning to enhance security measures within corporate environments.
Permissions creep arises when employees, as their roles evolve or they progress in their careers, accumulate and retain excessive permissions to access company systems. This issue poses a significant security risk as it can lead to unauthorized access to sensitive information. Currently, businesses conduct manual audits to identify and rectify this problem.
‘Creeper’ is an innovative software solution designed to streamline the detection of permissions creep through the use of machine learning. Dr Parkinson explains, “Creeper is able to calculate a benchmark level of what it thinks is normal,” enabling it to identify outliers that deviate from the established norm.
The software establishes a baseline of normal access patterns and identifies anomalies, facilitating prompt action before any potential security breaches. If an employee inadvertently installs malware or ransomware, the risk of severe data compromise is exponentially higher if they hold excessive permissions, making this software crucial for mitigating such threats.
Dr Parkinson’s development of ‘Creeper’ was made possible through a £25,000 grant from the Researcher in Residence programme at Digital Catapult Centre Yorkshire. This support underscores the significance and potential impact of this tool in enhancing cybersecurity practices within businesses ahead of the stringent GDPR regulations.
With the enforcement of the General Data Protection Regulation (GDPR) from May, the ‘Creeper’ tool offers timely benefits for businesses aiming to tighten their data security measures. Dr Parkinson notes, “Fines for data breach could be stiffer under the GDPR,” highlighting the importance of proactive measures to avoid substantial penalties.
The development of ‘Creeper’ sets a precedent for future innovations in cybersecurity. The integration of machine learning to address permissions creep not only enhances security but also promotes the adoption of advanced technologies to tackle evolving cyber threats. This tool potentially opens pathways for further research and development in the field.
The industry has shown significant interest in ‘Creeper,’ recognizing its potential to revolutionise how businesses approach cybersecurity. Positive reception from early adopters suggests that this tool may become an essential component of corporate security strategies.
In summary, ‘Creeper’ represents a significant advancement in addressing the issue of permissions creep.
Developed by Dr Parkinson, this tool stands as a testament to the potential of machine learning in enhancing cybersecurity measures, particularly in preparation for the GDPR.