Authored by Robin Cohan, Offering Manager, IBM Security Identity Management.

Data breaches have become all too common in the news these days, almost to the point that we are growing to accept their inevitability and impact. But breaches are very costly to remediate after the fact. More importantly, it can be devastating to an organization’s reputation when such a breach is made public and trust is lost.

An Insider Threat Can Wreak Havoc

As it turns out, most of these breaches ultimately can be traced back to an insider threat. Most people associate insider threats with disgruntled employees or ex-employees, a scenario that is very common and difficult to anticipate on an enterprise-wide scale. However, unintentional mistakes by underskilled privileged users can also wreak havoc.

Enterprises expose themselves to well-publicized damage when privileged credentials are hijacked by cybercriminals who are able to penetrate the network perimeter and then have unfettered access to sensitive data due to weak controls. Such weak controls may include passwords written on desktop sticky notes or shared passwords maintained in under-secured spreadsheets.

It’s also important to note that privileged access controls are not just a security concern, but also a corporate governance concern. Many of the industry-specific regulations worldwide require strict access controls for privileged users.

The Right Approach to Risk Management

In thinking about how to address these risks, organizations need to take a balanced approach. To be sure, strict controls need to be placed on the most sensitive access credentials. The use of those credentials must be restricted and tracked when used. Details of privileged access use must be available for forensic investigations and audits.

However, there also needs to be a consideration for productivity. Those same privileged users will be responsible for restoration of application access in case of an outage or regular application maintenance within a tight maintenance window. Thus, the productivity of those users is a key consideration.

Another factor to keep in mind is the nature of those privileged users. They may be traditional IT administrator employees, but they could also be outsourced IT contractors. Or they might not be IT employees at all but rather line-of-business data administrators. In all cases, anyone with access to sensitive data needs to be tracked.

Even applications or scripts that require the use of elevated privileges to access databases and other applications need to be monitored. This category is often the least controlled and the most vulnerable. Cleartext passwords, which are typically never changed in these scripts and applications, can easily be compromised by a knowledgeable but disgruntled insider or an experienced cybercriminal.

The market has responded to the insider threat with many point solutions and an impressive array of security features to address these risks. However, given the increasing sophistication of today’s well-funded cybercriminals, no single solution is enough. Organizations need a layered approach using a cohesive set of well-integrated applications that each address a different aspect of the insider threat problem.
