Authored by Robin Cohan, Offering Manager, IBM Security Identity Management.

Data breaches have become all too common in the news these days, almost to the point that we are growing to accept their inevitability and impact. But breaches are very costly to remediate after the fact. More importantly, it can be devastating to an organization’s reputation when such a breach is made public and trust is lost.

An Insider Threat Can Wreak Havoc

As it turns out, most of these breaches ultimately can be traced back to an insider threat. Most people associate insider threats with disgruntled employees or ex-employees, a scenario that is very common and difficult to anticipate on an enterprise-wide scale. However, unintentional mistakes by underskilled privileged users can also wreak havoc.

Enterprises expose themselves to well-publicized damage when privileged credentials are hijacked by cybercriminals who are able to penetrate the network perimeter and then have unfettered access to sensitive data due to weak controls. Such weak controls may include passwords written on desktop sticky notes or shared passwords maintained in undersecured spreadsheets.

It’s also important to note that privileged access controls are not just a security concern, but also a corporate governance concern. Many of the industry-specific regulations worldwide require strict access controls for privileged users.

The Right Approach to Risk Management

In thinking about how to address these risks, organizations need to take a balanced approach. To be sure, strict controls need to be placed on the most sensitive access credentials. Use of those credentials must be restricted and tracked. Details of privileged access use must be available for forensic investigations and audits.

However, productivity also needs to be considered. Those same privileged users will be responsible for restoring application access in case of an outage and for regular application maintenance within a tight maintenance window. Thus, the productivity of those users is a key consideration.

Another factor to keep in mind is the nature of those privileged users. They may be traditional IT administrator employees, but they could also be outsourced IT contractors. Or they might not be IT employees at all but rather line-of-business data administrators. In all cases, anyone with access to sensitive data needs to be tracked.

Even applications or scripts that require the use of elevated privileges to access databases and other applications need to be monitored. This category is often the least controlled and the most vulnerable. Cleartext passwords, which are typically never changed in these scripts and applications, can easily be compromised by a knowledgeable but disgruntled insider or an experienced cybercriminal.

The market has responded to the insider threat with many point solutions and an impressive array of security features to address these risks. However, given the increasing sophistication of today’s well-funded cybercriminals, no single solution is enough. Organizations need a layered approach using a cohesive set of well-integrated applications that each address a different aspect of the insider threat problem.
