Authored by Robin Cohan, Offering Manager, IBM Security Identity Management.

Data breaches have become all too common in the news these days, almost to the point that we are growing to accept their inevitability and impact. But breaches are very costly to remediate after the fact. More importantly, it can be devastating to an organization’s reputation when such a breach is made public and trust is lost.

An Insider Threat Can Wreak Havoc

As it turns out, most of these breaches ultimately can be traced back to an insider threat. Most people associate insider threats with disgruntled employees or ex-employees; such cases are common and difficult to anticipate on an enterprisewide scale. However, unintentional mistakes by underskilled privileged users can also wreak havoc.

Enterprises expose themselves to well-publicized damage when privileged credentials are hijacked by cybercriminals who are able to penetrate the network perimeter and then have unfettered access to sensitive data due to weak controls. Such weak controls include passwords written on desktop sticky notes or shared passwords kept in undersecured spreadsheets.

It’s also important to note that privileged access controls are not just a security concern, but also a corporate governance concern. Many of the industry-specific regulations worldwide require strict access controls for privileged users.

The Right Approach to Risk Management

In thinking about how to address these risks, organizations need to take a balanced approach. To be sure, strict controls need to be placed on the most sensitive access credentials. The use of those credentials must be restricted and tracked when used. Details of privileged access use must be available for forensic investigations and audits.

However, there also needs to be a consideration for productivity. Those same privileged users are responsible for restoring application access after an outage and for performing routine application maintenance within a tight maintenance window. Thus, the productivity of those users is a key consideration.

Another factor to keep in mind is the nature of those privileged users. They may be traditional IT administrator employees, but they could also be outsourced IT contractors. Or they might not be IT employees at all but rather line-of-business data administrators. In all cases, anyone with access to sensitive data needs to be tracked.

Even applications or scripts that require the use of elevated privileges to access databases and other applications need to be monitored. This category is often the least controlled and the most vulnerable. Cleartext passwords, which are typically never changed in these scripts and applications, can easily be compromised by a knowledgeable but disgruntled insider or an experienced cybercriminal.
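As an added illustration that is not part of the original article, the Python scanner below flags the kind of never-rotated cleartext credentials described above when they are embedded in scripts and configuration files, while leaving alone lines that pull the secret from the environment or a vault. The patterns and the two sample files are constructed for this example and are meant to be tuned for a real estate.

```python
import re

# Added example: a minimal scanner for cleartext credentials embedded in
# scripts and configuration. Patterns are deliberately broad (a reviewer
# triages the hits) and are constructed here; extend them for your own code base.
CREDENTIAL_PATTERNS = [
    ("shell_export", re.compile(
        r"""(?i)\b(PGPASSWORD|MYSQL_PWD|AWS_SECRET_ACCESS_KEY)=(['"]?)(\S{4,})\2""")),
    ("assignment", re.compile(
        r"""(?i)(pass(word|wd)?|secret|api[_-]?key)\s*[:=]\s*['"]([^'"]{4,})['"]""")),
    ("connection_string", re.compile(r"""(?i)(password|pwd)=([^;&\s'"]{4,})""")),
    ("url_userinfo", re.compile(r"""(?i)[a-z][a-z0-9+.-]*://[^/\s:@]+:([^@\s/]{4,})@""")),
]

# Lines that read the secret from the environment or a vault, or that are
# masked, are the desired state rather than findings.
SAFE_HINTS = re.compile(r"""(?i)(os\.environ|getenv|\$\{?[A-Z_]+\}?|vault|keyring|<redacted>|\*{3,})""")


def find_cleartext_credentials(text):
    """Return [(line_number, pattern_name)] for lines carrying a literal secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments are not actionable
        if SAFE_HINTS.search(line):
            continue  # secret is injected at runtime, not stored in the file
        for name, pattern in CREDENTIAL_PATTERNS:
            if pattern.search(line):
                findings.append((lineno, name))
                break  # one report per line is enough for triage
    return findings


# Constructed sample inputs (no real hosts, accounts or secrets).
SAMPLE_SCRIPT = """#!/bin/sh
# nightly backup job
export PGPASSWORD="Sup3rS3cret!"
pg_dump -h db.internal -U backup_svc prod > /backups/prod.sql
curl https://monitor:hunter2secret@metrics.internal/push
"""

SAMPLE_CONFIG = """# application settings
db.url=jdbc:postgresql://db.internal:5432/prod?user=app&password=ChangeMeNever
api_key = "AKIAEXAMPLEKEY0001"
password = os.environ["DB_PASSWORD"]
export PGPASSWORD="${VAULT_DB_PASSWORD}"
"""
```

Run over a checkout, each finding is a candidate for moving the credential into a managed vault or password-safe account that is rotated and whose use is logged.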

The market has responded to the insider threat with many point solutions and an impressive array of security features to address these risks. However, given the increasing sophistication of today’s well-funded cybercriminals, no single solution is enough. Organizations need a layered approach using a cohesive set of well-integrated applications that each address a different aspect of the insider threat problem.
