The infamous NSA security breach reminds us once again of the immense damage that can be caused by a single privileged user with an agenda. Privileged users, with their unlimited access to system and network resources, can access and leak all types of data. While many organizations focus on protecting their systems and infrastructure from external threats, the security risks related to malicious insiders are just as significant.

Edward Snowden may be the most notorious example, but unfortunately he’s not alone. Whether done intentionally or by accident, security breaches by trusted insiders can cause substantial harm to the organization, including loss of trade secrets, embarrassing data leaks, and even non-compliance with security regulations.

So, what lessons can we learn from this latest security breach?

1. Privileged ID’s are growing and so is the associated risk

The trends towards data center consolidation, cloud computing, and virtualization, as well as outsourcing, are generating more privileged IDs in today’s IT infrastructures. This creates an even greater need to centrally manage and secure privileged IDs, as well as to pay attention to whom you are granting privileged ID status. Organizations often delegate specific administrative tasks such as system back-ups and help desk support to a large pool of staff or contractors whose membership changes frequently. Without the proper oversight, someone who hasn’t worked for your organization in months, or even a hacker who has penetrated your system, could have privileged access to your servers, appliances, and networks.

2. Grant user entitlements appropriately and keep them updated

The workplace is dynamic, with new employee hires, job changes, and departures. User entitlements should be updated to adapt to these changes, especially when workers change roles or leave the organization. Because the potential for harm is so great, the number of privileged accounts should be kept to a minimum. Granting privileged ID entitlements should be scrutinized and limited to only those who truly need the privileged access and who have the necessary credentials and clearances. For example, should contractors or outsourcing partners have access to top-secret product plans, customer lists, or patient data?

3. Managing and monitoring privileged users is necessary for both security and compliance

Government regulations and industry standards have become more specific about data security and the privileged accounts that can access that data. Maintaining compliance with these standards and asserting compliance with government regulations demand appropriate control and handling of privileged accounts. To effectively mitigate the security risks associated with privileged ID’s, they need to be auditable and have individual accountability. In other words, if several users share one privileged account that causes a security breach, which user is responsible? Once the privileged account is established, organizations should carefully monitor and audit the activities associated with the ID to highlight anomalies or misuse of the account’s privileges. This increased auditability of privileged accounts may prevent security breaches before they happen.

4. Mitigate insider risk and maintain compliance with a privileged identity management solution

Privileged user accounts need to be properly managed, audited, and revoked as needed. If privileged IDs are not properly managed, they can cause accountability and compliance issues and increase the risk for sabotage and data theft. Better oversight of privileged users’ activities can raise a red flag if/when confidential information is being inappropriately accessed, distributed and downloaded.

Organizations don’t need to leave themselves vulnerable to insider threats. With the right security solutions, they can control access to privileged identities and track usage of shared accounts for individual accountability and improved compliance.

I would love to hear your thoughts in the comments below. What do you think about these four lessons we learned latest security breach? What have you learned from the latest security breach?

More from Identity & Access

Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing at an unprecedented rate — with new technologies being launched into orbit at an increasingly rapid pace. The need to ensure the security and safety of these technologies has never been more pressing. So, let’s discover a range of measures…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

An IBM Hacker Breaks Down High-Profile Attacks

On September 19, 2022, an 18-year-old cyberattacker known as "teapotuberhacker" (aka TeaPot) allegedly breached the Slack messages of game developer Rockstar Games. Using this access, they pilfered over 90 videos of the upcoming Grand Theft Auto VI game. They then posted those videos on the fan website Gamers got an unsanctioned sneak peek of game footage, characters, plot points and other critical details. It was a game developer's worst nightmare. In addition, the malicious actor claimed responsibility for a…