Privileged Access: An Open Pathway to Internal Data Threats
More than half the cyberattacks reported in 2015 came from perpetrators who didn’t need to break through their target’s defenses from the outside — the attackers already had privileged access to the infrastructure and data they targeted for their crimes.
As Information Age noted when reporting on IBM’s “2015 Cyber Security Intelligence Index,” 55 percent of the cybersecurity compromises last year stemmed from internal threats. Company leadership often overlooks these vectors: According to eSecurityPlanet, 72 percent of data security professionals said company leadership directs the majority of its attention at external attacks.
Quantifying Weak Spots: Privileged Access Vulnerabilities
The biggest cyberattack incidents last year all shared a common thread: Privileged access rights were involved.
It’s a given in the increasingly mobile workforce that IT and other professionals will ask for and receive privileges to log into company resources from afar. External logins, however, introduce vulnerabilities that data security can’t always control. Furthermore, granted security rights all too often remain in the hands of workers who no longer need them post-project.
In a recent Wallix white paper, 40 percent of IT professionals polled said it would be difficult to identify whether ex-employees still had access to their system. Additionally, 55 percent said they’d have difficulty in spotting ex-contractors in their system; they might not stand out as being no longer involved with a project.
The key takeaway here is that IT needs to change its approach to access rights, addressing both the fluidity and longevity of how passwords and security measures work within the organization. Luckily, there are key steps executives can take to control their privileged access ecosystem.
Control Factors: Three Steps to Stronger Security Against Internal Threats
Teams working to limit the potential of internal data compromises can start by focusing on three factors that figure largely into the problem.
- Curtail shared accounts and take control of passwords. A robust IT program around access includes the ability to create, revoke, change and conceal passwords across the network from any location at all times. The security standard should be one account for one user so access can be adequately monitored.
- Keep permissions up to date. User access needs come and go. Similarly, their access rights should be granted and then withdrawn as their interactions with the organization change. IT must prioritize user status as it intersects with access rights.
- Access rights must be organized. Putting the preceding two strategies into play comes down to visualization. Data security depends in large part on centralizing password, user and connection details, being able to see them across a network and then having the power to make changes swiftly when required. An ideal approach includes a dashboard-type environment, empowering departments to audit and alter access in an ongoing flow of giving and taking permissions.
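As an added illustration that is not part of the original article, the three factors above can be checked together by reconciling a central account inventory against a roster of who is still engaged. The account names, people, dates and the `audit` function are all constructed for this example, and the roster is assumed to record each person's end date.

```python
from datetime import date

# Constructed sample data (not from the article). ROSTER maps each person to
# the date their engagement ended, or None if they are still active.
ROSTER = {
    "alice": None,
    "bob": date(2016, 1, 15),    # ex-employee
    "carol": date(2016, 3, 31),  # contractor whose project ended
}

# Central inventory: account name, people who hold its password, privileged?
ACCOUNTS = [
    ("alice-adm", ["alice"], True),
    ("bob-adm", ["bob"], True),
    ("dbadmin", ["alice", "carol"], True),
    ("carol-vpn", ["carol"], False),
    ("svc-backup", [], True),
    ("tmp-audit", ["erin"], False),
]


def audit(accounts, roster, today):
    """Return (account, privileged, reason) findings, privileged first."""
    findings = []
    for name, users, privileged in accounts:
        if not users:
            findings.append((name, privileged, "unowned"))
        elif len(users) > 1:
            # Violates one account for one user, so activity cannot be attributed.
            findings.append((name, privileged, "shared"))
        for user in users:
            if user not in roster:
                findings.append((name, privileged, f"unknown:{user}"))
            elif roster[user] is not None and roster[user] < today:
                findings.append((name, privileged, f"departed:{user}"))
    # Privileged accounts sort first; ties break on account name, then reason.
    return sorted(findings, key=lambda f: (not f[1], f[0], f[2]))


if __name__ == "__main__":
    for name, privileged, reason in audit(ACCOUNTS, ROSTER, date(2016, 4, 15)):
        tier = "PRIVILEGED" if privileged else "standard"
        print(f"{name:<12} {tier:<10} {reason}")
```

A shared account held by a departed person appears twice, once for each problem, because revoking the individual does not fix the sharing.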
It’s one thing to discover that an element of a business’s network was vulnerable because of an exploit — one that dedicated criminals worked hard to find. It is quite another thing, however, to accidentally leave open a pathway to critical data because privileged access rights got away from security’s watchful eye. Businesses may well expect cybercriminals to make breach attempts, but executives and IT need to refocus their antibreach efforts on both external and internal threats.