What is Privilege Creep?
Privilege Creep occurs when users accumulate access rights over time beyond what is necessary for their role. This often happens due to role changes, poor access reviews, or lack of proper Identity and Access Management (IAM) controls.
Privilege creep increases risk by expanding the Attack Surface and enabling unauthorized access.
What is Privilege Creep used for?
Privilege creep is not an intentional attack but a condition that can be exploited by attackers or Insider Threat actors. It can lead to unauthorized access, data exposure, and privilege escalation.
Organizations address privilege creep through Access Control reviews, enforcement of the Principle of Least Privilege (PoLP), and continuous monitoring of user permissions.