The employees most likely to put company data at risk are privileged users who have higher levels of access rights to sensitive data than basic users. This is according to a new study from the Ponemon Institute that explores security issues related to privileged user abuse and malicious insider threats.
Tasked with managing and safeguarding the most valuable information an organization generates and processes, privileged users include database administrators, network engineers, IT security practitioners and cloud custodians. A data breach, whether malicious or unintentional, caused by users with privileged access can be substantially more damaging than other types of security incidents, due to the value and sensitivity of the information they have access to.
Research from Vormetric has found that 55 percent of respondents see privileged users as the greatest risk to the organization, and 89 percent believe their organizations are at risk from users with high levels of access rights to sensitive information. According to Trustwave, insider threats are increasing, rising from 38 percent of all threats in 2015 to 42 percent just one year later. The spike is attributed to employee mistakes or the compromise of credentials by malicious insiders. The insider threat is one that all organizations need to take seriously.
External Risks to Privileged Information
Users with higher levels of access are unwitting targets for criminals looking to steal valuable information for their own gain through targeted attacks. In such attacks, criminals look to dupe individuals into giving away their credentials or downloading malware onto their devices. The initial target may not provide the desired access to sensitive information, but compromising that user can give an attacker a foothold on the network and, from there, a way to move laterally in search of credentials with higher levels of data access. Hence, many security incidents can be the result of a combination of both external and internal threats.
According to the Ponemon study, one of the reasons why threats from privileged users loom so large is that many organizations (56 percent) lack visibility into what access rights users have. For most organizations, only 10 percent of their budget is allocated toward addressing privileged users and security.
Combating Security Threats
Reducing the threat from insiders, especially those with privileged access levels, requires a combination of people, processes and technology. It’s important to establish a culture of security that’s pervasive throughout an organization, from new hires to long-standing corporate executives. All must be made aware of the threats and their obligations in safeguarding sensitive data. Security awareness training that’s repeated regularly will help considerably, as will the ability to enforce adherence to the company security policy. It’s essential that such policies outline sanctions that will be imposed for non-compliance and that everyone in the organization is aware of them.
Technology will also help to give control back to the organization. However, too many organizations continue to rely on traditional controls such as basic SIEM (security information and event management) systems that provide reams of information but lack additional context, leaving security teams battling to make sense of a ton of alerts, many of which will be false positives.
To combat the threat, organizations need to take a layered approach to security, using multiple controls in combination and investing in advanced technologies to interpret enormous streams of data to find out what’s really relevant. Access controls need to be stringent, with stronger forms of authentication required for access to the most sensitive data, along with an audit trail of who has done what. Given the growing levels of mobility that organizations must deal with, users should be required to use only highly secure devices with built-in security to ensure that the data on those devices is adequately safeguarded.
The Ponemon report indicates that there’s still a gap between organizational awareness of the issues surrounding privileged users and their ability to solve the problem. In order to combat this growing issue, organizations must make a concerted effort to drive a culture of security throughout the company.