• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Subscribe
  • Project of the Week
  • About Us
    SEARCH
Network Security

Data Breaches: An Inside Job?

Privileged access abuse is on the rise and could be responsible for serious data breaches.

May 3, 2019 Lisa Montgomery Leave a Comment

data breaches

It used to be that we worried mostly about cyberattacks from outside sources. This type of threat still exists, no doubt, but becoming more troubling for CIOs is the rising abuse from attackers on the inside—often from their own employees. According to the 2018 Insider Threat Report conducted by Crowd Research Partners, 90 percent of surveyed organizations felt vulnerable to insider threats. Of those insider threats, regular employees (56 percent), privileged users (55 percent) and contractors (42 percent) posed the largest concern for respondents. Insider threats can include departing employees who maliciously wreak havoc or or privileged users who inadvertently change business-critical controls.

CIOs are finding themselves in a predicament: protect their businesses while also streamlining access to the information and systems their companies need to grow.

Regardless of who attacks, where they attack, or why, privileged access is opening the door to all kinds of data breaches. This is why enterprise security approaches based on Zero Trust continue to gain adoption.

An article published recently in Forbes outlines six recommended strategies for CIOs on how to stop privileged credential abuse.

  1. After completing an inventory of privileged accounts, create a taxonomy of them by assigning users to each class or category, personalizing privileged credential access to the role and entitlement level for each.
  2. By each category in the taxonomy, automate the time, duration, scope, resources, and entitlements of privileged access for each focusing on the estimated time to complete each typical task.
  3. Using the taxonomy of user accounts created and hardened using the separation of duties model, automate privileged access and approval workflows for enterprise systems.
  4. Break-glass, emergency or firecall account passwords need to be vaulted, with no exceptions. The recent Centrify survey found that just 48% of organizations interviewed have a password vault. 52% are leaving the keys to the kingdom available for hackers to walk through the front door of data centers and breach data whenever they want.
  5. Continuous delivery and deployment platforms including Ansible, Chef, Puppet, and others need to be configured when first installed to eliminate the potential for privileged access abuse.

 

Other strategies include: discovering and inventorying all privileged accounts; vaulting all cloud platforms’ Root Accounts; auditing privileged sessions and analyzing patterns to find privileged credential sharing not found during audits; enforcing least privilege access now within your existing infrastructure as much as possible; and adopting multi-factor authentication (MFA) across all threat surfaces that can adapt and flex to the risk context of every request for resources.

Tagged With: Cyber Attacks, Cyber Security, Data Security

Related Content:

  • Yubico, Security Keys Yubico Launches New Security Keys, Updated Enterprise Subscription…
  • IT news, This Week in it, Microsoft 365, Hive ransomware, iOS 16.3, AltspaceVR, RMM software This Week in IT: Microsoft Outage, VR, Cyberattacks,…
  • Cloud Security, Varonis Varonis Launches Automated Posture Management
  • K-12 Cybersecurity This K-12 Cybersecurity Resource Offers Useful Guidance for…

Free downloadable guide you may like:

  • Blueprint Series Cover: What works for hybrid workBlueprint Series: What Works for Hybrid Work

    Download this free resource to learn about how IT leaders can effectively manage and implement a hybrid work model.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Harnessing the Power of Digital Signage
Harnessing the Power of Digital Signage

Choosing the best solutions for messaging, branding, and communicating in today’s content-everywhere landscape

Blueprint Series Cover: What works for hybrid work
Blueprint Series: What Works for Hybrid Work

Download this free resource to learn about how IT leaders can effectively manage and implement a hybrid work model.

Guide to creating a ransomware response plan download
Blueprint Series: Creating a Ransomware Response Plan

Chances are ransomware hackers are researching your company right now. They’re investing time and money to choose the most profitable targets and a...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSTERMS OF USEPRIVACY POLICY

© 2023 Emerald X, LLC. All rights reserved.