Who is Your Most Dangerous Insider?
Is the most dangerous insider threat to your organization the malicious insider who purposely exploits his or her access? Or is it the clueless employee who clicks on the wrong attachment? Actually, it’s neither. The insiders who represent the greatest risk are your “privileged users,” the high-level computer operators who often have powerful, privileged access rights.
Alan Kessler, President and CEO of Vormetric Data Security, describes the risks posed by privileged users in a recent Vormetric blog post:
Simply by having access, privileged users may unwittingly put data at risk – or be used by an outside actor as a conduit for siphoning data. Unsurprisingly, privileged accounts are very attractive targets for attackers seeking to leverage access privileges for their own nefarious purposes. Therefore, it’s completely accurate to say that all privileged users – regardless of whether or not they have bad intentions – can be considered an “insider threat.”
Alan points to two high-profile cases where privileged users inadvertently provided a way in. At the South Carolina Department of Revenue, hackers stole a state employee’s privileged user credentials after the employee responded to a phishing attack. The result? Hackers were able to steal 3.3 million unencrypted bank accounts and 3.8 million tax returns. More recently, hackers infiltrated Sony’s system by stealing the computer credentials of a Sony systems administrator, according to a CNN report. That breach shook Sony to its core.
The lesson is clear:
Organizations that don’t properly control privileged user or system administrator access are setting themselves up for infiltration by malicious insiders or crafty outsiders looking to take advantage of the wealth of data at their disposal.
Kessler offers some valuable tips for protecting data from insider misuse:
- Realize that your data is the target, not your network.
- Rein in your privileged users.
- Take advantage of solutions that restrict access to sensitive information while still giving privileged users access to the tools they need to perform their work.
- Establish a broad-based “data-first” protection strategy.
Stay tuned for more cybersecurity insights from Vormetric on the Cyber Attack Defenders blog.
In the meantime, you can read the full Vormetric blog post here.