July 29, 2013 By Veronica Shelley 3 min read

The infamous NSA security breach reminds us once again of the immense damage that can be caused by a single privileged user with an agenda. Privileged users, with their unlimited access to system and network resources, can access and leak all types of data. While many organizations focus on protecting their systems and infrastructure from external threats, the security risks related to malicious insiders are just as significant.

Edward Snowden may be the most notorious example, but unfortunately he’s not alone. Whether done intentionally or by accident, security breaches by trusted insiders can cause substantial harm to the organization, including loss of trade secrets, embarrassing data leaks, and even non-compliance with security regulations.

So, what lessons can we learn from this latest security breach?

1. Privileged IDs are growing and so is the associated risk

The trends towards data center consolidation, cloud computing, and virtualization, as well as outsourcing, are generating more privileged IDs in today’s IT infrastructures. This creates an even greater need to centrally manage and secure privileged IDs, as well as to pay attention to whom you are granting privileged ID status. Organizations often delegate specific administrative tasks such as system back-ups and help desk support to a large pool of staff or contractors whose membership changes frequently. Without the proper oversight, someone who hasn’t worked for your organization in months, or even a hacker who has penetrated your system, could have privileged access to your servers, appliances, and networks.

2. Grant user entitlements appropriately and keep them updated

The workplace is dynamic, with new employee hires, job changes, and departures. User entitlements should be updated to adapt to these changes, especially when workers change roles or leave the organization. Because the potential for harm is so great, the number of privileged accounts should be kept to a minimum. Granting privileged ID entitlements should be scrutinized and limited to only those who truly need the privileged access and who have the necessary credentials and clearances. For example, should contractors or outsourcing partners have access to top-secret product plans, customer lists, or patient data?

3. Managing and monitoring privileged users is necessary for both security and compliance

Government regulations and industry standards have become more specific about data security and the privileged accounts that can access that data. Maintaining compliance with these standards and asserting compliance with government regulations demand appropriate control and handling of privileged accounts. To effectively mitigate the security risks associated with privileged IDs, they need to be auditable and have individual accountability. In other words, if several users share one privileged account that causes a security breach, which user is responsible? Once the privileged account is established, organizations should carefully monitor and audit the activities associated with the ID to highlight anomalies or misuse of the account’s privileges. This increased auditability of privileged accounts may prevent security breaches before they happen.
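Lessons 2 and 3 describe two concrete controls: periodically reconciling privileged group membership against the current workforce, and tying every action taken through a shared privileged account back to the individual who invoked it. The script below is an added example (not code from the original post or from any product it describes) that does both over constructed data: the roster, group exports, clearance policy and sudo-style log lines are all made up for illustration, and the field names and the 07:00 to 20:00 business-hours window are assumptions.

```python
"""Privileged-entitlement review and shared-account attribution.

Added example; all rosters, group exports and log lines are constructed sample
data, and the record fields and policy values are assumptions for illustration.
"""
import re
from datetime import datetime

# Constructed HR roster: who is currently entitled to be in the organization.
ROSTER = {
    "alice": {"status": "active", "type": "employee", "clearance": "secret"},
    "bob":   {"status": "terminated", "type": "employee", "clearance": "none"},
    "carol": {"status": "active", "type": "contractor", "clearance": "none"},
    "dave":  {"status": "active", "type": "employee", "clearance": "secret"},
}

# Constructed export of privileged group membership from the directory.
PRIVILEGED_GROUPS = {
    "wheel":      {"alice", "bob", "carol"},
    "backup-ops": {"carol", "dave"},
    "db-admins":  {"dave", "mallory"},   # mallory has no roster record at all
}

# Assumed policy: the clearance each privileged group requires.
GROUP_REQUIRES = {"wheel": "secret", "backup-ops": "none", "db-admins": "secret"}
CLEARANCE_RANK = {"none": 0, "secret": 1}


def review_entitlements(roster, groups, requires):
    """Lesson 2: return (group, user, reason) tuples for memberships to revoke or review."""
    findings = []
    for group, members in groups.items():
        needed = CLEARANCE_RANK[requires[group]]
        for user in sorted(members):
            person = roster.get(user)
            if person is None:
                findings.append((group, user, "no roster record"))
            elif person["status"] != "active":
                findings.append((group, user, "user has left the organization"))
            elif CLEARANCE_RANK[person["clearance"]] < needed:
                findings.append((group, user, "clearance below group requirement"))
            elif person["type"] == "contractor":
                findings.append((group, user, "contractor in privileged group; confirm need"))
    return findings


# Constructed sudo-style log lines: the shared account is root, but the log
# records which individual invoked it, which is what gives accountability.
SUDO_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sudo: (?P<user>\S+) : TTY=\S+ ; "
    r"USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)

LOG_LINES = [
    "2013-07-28T09:14:05 srv1 sudo: alice : TTY=pts/0 ; USER=root ; COMMAND=/usr/sbin/service httpd restart",
    "2013-07-28T02:41:12 srv1 sudo: bob : TTY=pts/1 ; USER=root ; COMMAND=/bin/tar czf /tmp/x.tgz /srv/customers",
    "2013-07-28T14:03:44 srv2 sudo: carol : TTY=pts/2 ; USER=root ; COMMAND=/usr/bin/rsync -a /srv/backup /mnt/tape",
    "malformed line that the parser must skip rather than crash on",
]


def parse_sudo(line):
    """Parse one log line into a dict, or return None if it is not a sudo record."""
    m = SUDO_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%S")
    return rec


def attribute_privileged_actions(lines, roster, business_hours=(7, 20)):
    """Lesson 3: map each action taken as the shared account back to the individual
    who invoked it and flag anomalies (departed invoker, off-hours activity)."""
    results = []
    for line in lines:
        rec = parse_sudo(line)
        if rec is None:
            continue
        flags = []
        person = roster.get(rec["user"])
        if person is None or person["status"] != "active":
            flags.append("invoker is not an active user")
        if not (business_hours[0] <= rec["ts"].hour < business_hours[1]):
            flags.append("outside business hours")
        results.append({"who": rec["user"], "as": rec["target"], "host": rec["host"],
                        "cmd": rec["cmd"], "flags": flags})
    return results


if __name__ == "__main__":
    for finding in review_entitlements(ROSTER, PRIVILEGED_GROUPS, GROUP_REQUIRES):
        print("ENTITLEMENT", *finding)
    for action in attribute_privileged_actions(LOG_LINES, ROSTER):
        print("ACTION", action["who"], "as", action["as"], action["flags"] or "ok")
```

The entitlement review deliberately reports a departed user before anything else about that account, since revoking access for leavers is the cheapest and highest-value fix; the attribution pass only works because the logs name the invoking individual, which is the property the post is asking for when it says shared privileged accounts need individual accountability.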

4. Mitigate insider risk and maintain compliance with a privileged identity management solution

Privileged user accounts need to be properly managed, audited, and revoked as needed. If privileged IDs are not properly managed, they can cause accountability and compliance issues and increase the risk for sabotage and data theft. Better oversight of privileged users’ activities can raise a red flag if/when confidential information is being inappropriately accessed, distributed and downloaded.

Organizations don’t need to leave themselves vulnerable to insider threats. With the right security solutions, they can control access to privileged identities and track usage of shared accounts for individual accountability and improved compliance.

I would love to hear your thoughts in the comments below. What do you think about these four lessons from the latest security breach? What have you learned from it?
