Data Breaches: An Inside Job?

It used to be that we worried mostly about cyberattacks from outside sources. This type of threat still exists, no doubt, but becoming more troubling for CIOs is the rising abuse from attackers on the inside—often from their own employees. According to the 2018 Insider Threat Report conducted by Crowd Research Partners, 90 percent of surveyed organizations felt vulnerable to insider threats. Of those insider threats, regular employees (56 percent), privileged users (55 percent) and contractors (42 percent) posed the largest concern for respondents. Insider threats can include departing employees who maliciously wreak havoc or or privileged users who inadvertently change business-critical controls.

CIOs are finding themselves in a predicament: protect their businesses while also streamlining access to the information and systems their companies need to grow.

Regardless of who attacks, where they attack, or why, privileged access is opening the door to all kinds of data breaches. This is why enterprise security approaches based on Zero Trust continue to gain adoption.

An article published recently in Forbes outlines six recommended strategies for CIOs on how to stop privileged credential abuse.

1. After completing an inventory of privileged accounts, create a taxonomy of them by assigning users to each class or category, personalizing privileged credential access to the role and entitlement level for each.
2. By each category in the taxonomy, automate the time, duration, scope, resources, and entitlements of privileged access for each focusing on the estimated time to complete each typical task.
3. Using the taxonomy of user accounts created and hardened using the separation of duties model, automate privileged access and approval workflows for enterprise systems.
4. Break-glass, emergency or firecall account passwords need to be vaulted, with no exceptions. The recent Centrify survey found that just 48% of organizations interviewed have a password vault. 52% are leaving the keys to the kingdom available for hackers to walk through the front door of data centers and breach data whenever they want.
5. Continuous delivery and deployment platforms including Ansible, Chef, Puppet, and others need to be configured when first installed to eliminate the potential for privileged access abuse.

 

Other strategies include: discovering and inventorying all privileged accounts; vaulting all cloud platforms’ Root Accounts; auditing privileged sessions and analyzing patterns to find privileged credential sharing not found during audits; enforcing least privilege access now within your existing infrastructure as much as possible; and adopting multi-factor authentication (MFA) across all threat surfaces that can adapt and flex to the risk context of every request for resources.