A University of Huddersfield researcher has developed new software designed to protect businesses against a cybersecurity threat called ‘permissions creep’.
Dr Parkinson, senior lecturer in Computer Science with a specialty in cybersecurity, says ‘Creeper’ uses machine learning to detect whether an employee’s access to files, folders and apps are consistent with the rest of the company.
‘Permissions creep’ is a problem that happens when employees – as their career develops or their role changes – accrue and retain increasing numbers of permissions to gain access to a company’s file systems and directories.
The software uses machine learning to detect whether an employee’s access is consistent with the rest of the company.
Businesses currently identify permissions creep through a manual audit. ‘Creeper’ is designed to speed up and secure this process.
“Creeper is able to calculate a benchmark level of what it thinks is normal,” explained Dr Parkinson. “Then it is able to look for outliers that don’t match that model.”
If an employee with too many permissions unwittingly installs malware or ransomware then there is a higher potential for it to gain access to more information.
Dr Parkinson developed the software after being awarded a £25,000 Researcher in Residence programme at the Bradford-based Digital Catapult Centre Yorkshire.
The researcher says that the tool can be used to tighten up data security practices ahead of the General Data Protection Regulation (GDPR), enforced from May this year.
“Fines for data breach could be stiffer under the GDPR,” said Dr Parkinson. “This makes the development of the Creeper tool especially timely.”