July 29, 2013 By Veronica Shelley 3 min read

The infamous NSA security breach reminds us once again of the immense damage that can be caused by a single privileged user with an agenda. Privileged users, with their unlimited access to system and network resources, can access and leak all types of data. While many organizations focus on protecting their systems and infrastructure from external threats, the security risks related to malicious insiders are just as significant.

Edward Snowden may be the most notorious example, but unfortunately he’s not alone. Whether done intentionally or by accident, security breaches by trusted insiders can cause substantial harm to the organization, including loss of trade secrets, embarrassing data leaks, and even non-compliance with security regulations.

So, what lessons can we learn from this latest security breach?

1. Privileged IDs are growing and so is the associated risk

The trends towards data center consolidation, cloud computing, and virtualization, as well as outsourcing, are generating more privileged IDs in today’s IT infrastructures. This creates an even greater need to centrally manage and secure privileged IDs, as well as to pay attention to whom you are granting privileged ID status. Organizations often delegate specific administrative tasks such as system back-ups and help desk support to a large pool of staff or contractors whose membership changes frequently. Without the proper oversight, someone who hasn’t worked for your organization in months, or even a hacker who has penetrated your system, could have privileged access to your servers, appliances, and networks.

2. Grant user entitlements appropriately and keep them updated

The workplace is dynamic, with new employee hires, job changes, and departures. User entitlements should be updated to adapt to these changes, especially when workers change roles or leave the organization. Because the potential for harm is so great, the number of privileged accounts should be kept to a minimum. Granting privileged ID entitlements should be scrutinized and limited to only those who truly need the privileged access and who have the necessary credentials and clearances. For example, should contractors or outsourcing partners have access to top-secret product plans, customer lists, or patient data?

3. Managing and monitoring privileged users is necessary for both security and compliance

Government regulations and industry standards have become more specific about data security and the privileged accounts that can access that data. Maintaining compliance with these standards and asserting compliance with government regulations demand appropriate control and handling of privileged accounts. To effectively mitigate the security risks associated with privileged IDs, they need to be auditable and have individual accountability. In other words, if several users share one privileged account that causes a security breach, which user is responsible? Once the privileged account is established, organizations should carefully monitor and audit the activities associated with the ID to highlight anomalies or misuse of the account’s privileges. This increased auditability of privileged accounts may prevent security breaches before they happen.

4. Mitigate insider risk and maintain compliance with a privileged identity management solution

Privileged user accounts need to be properly managed, audited, and revoked as needed. If privileged IDs are not properly managed, they can cause accountability and compliance issues and increase the risk for sabotage and data theft. Better oversight of privileged users’ activities can raise a red flag if/when confidential information is being inappropriately accessed, distributed and downloaded.
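Two of the checks described above, stale privileged access held by people who have left (lessons 1 and 2) and shared-account sessions that cannot be tied to an individual (lesson 3), as an added example that is not part of the original post or any IBM product. The HR feed, entitlement export and vault audit records are constructed sample data, and the field names are assumptions.

```python
# Added example (not from the original post); all data here is constructed.
from dataclasses import dataclass
from datetime import date

TODAY = date(2013, 7, 29)  # review date used for the staleness calculation

@dataclass
class Entitlement:
    user: str     # individual who holds the privileged ID
    account: str  # the privileged account itself (may be shared)
    host: str

# Constructed HR feed: who is still active, and when leavers departed.
HR_STATUS = {
    "alice": {"active": True},
    "bob": {"active": False, "left": date(2013, 3, 1)},  # left months ago
    "carol": {"active": True},
}

# Constructed export from the privileged-ID store.
ENTITLEMENTS = [
    Entitlement("alice", "root", "db01"),
    Entitlement("bob", "root", "db01"),        # never revoked at departure
    Entitlement("carol", "backup-svc", "fs02"),
    Entitlement("mallory", "root", "app07"),   # holder unknown to HR
]

# Constructed shared-account audit trail: checkout_by is the person who
# checked the credential out of the vault, None if nobody was recorded.
SESSIONS = [
    {"account": "root", "host": "db01", "checkout_by": "alice"},
    {"account": "root", "host": "db01", "checkout_by": None},
    {"account": "root", "host": "app07", "checkout_by": "mallory"},
]

def stale_entitlements(entitlements, hr, today):
    """Privileged IDs whose holder HR does not list as active, paired with
    how many days the access outlived employment (None: unknown to HR)."""
    out = []
    for e in entitlements:
        rec = hr.get(e.user)
        if rec is None:
            out.append((e, None))
        elif not rec["active"]:
            out.append((e, (today - rec["left"]).days))
    return out

def unattributed_sessions(sessions, hr):
    """Shared-account sessions not tied to a currently active individual:
    the 'if several users share one account, who is responsible?' gap."""
    return [s for s in sessions if s["checkout_by"] is None
            or not hr.get(s["checkout_by"], {}).get("active", False)]
```

Run against a real entitlement export and vault log, the first list is the revocation queue and the second is the set of sessions an investigation could not attribute to anyone.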

Organizations don’t need to leave themselves vulnerable to insider threats. With the right security solutions, they can control access to privileged identities and track usage of shared accounts for individual accountability and improved compliance.

I would love to hear your thoughts in the comments below. What do you think about these four lessons learned from the latest security breach? What have you learned from it?
