“May God defend me from my friends: I can defend myself from my enemies,” said the French philosopher Voltaire more than 300 years ago. This dictum is more relevant than ever in the information age. Some of the worst security breaches faced by businesses are caused by trusted insiders, and such breaches are growing in both number and severity.
Organizations today focus so hard on combating external threats that they are left completely off-guard when threats come from their own people. Yet the consequences are just as devastating.
The term ‘insider’ includes not only the employees currently on the company rolls, but also former employees, third-party vendors, and contractors. Any of them could turn malicious at any time, leading to data exposure, unauthorized access, financial loss, and reputational damage.
According to media reports, the recent high-profile ransomware attack on the software giant Accenture is suspected to have involved an insider (though it is too early to conclude anything).
Just a year ago, the FBI arrested a Russian national who reportedly offered USD 1 million to a Tesla employee to install malware on Tesla’s network. The Tesla employee turned down the offer and alerted his employer.
The insider threat has taken multiple dimensions and is becoming a serious concern for organizations of all types and sizes.
Before discussing how to mitigate insider threats, let us analyze some recent trends.
Security researchers and analysts have estimated that insider threats will account for one-third of all data breaches in 2021. Forrester Cybersecurity Trends states that 33% of breaches in 2021 are going to be insider threat-related, up from 25% the previous year.
The wholesale shift to remote work due to the pandemic seems to be adding fuel to the fire. Researchers say that job uncertainty in a ravaged economy, combined with the forced remote-working model, is increasing the risk posed by insiders. Working in isolation outside the office environment, and without the security arsenal typical of in-office work, remote workers have ample opportunity to misuse the legitimate access granted to them without being quickly detected.
The Verizon study, widely regarded as a gold standard, reveals that cybersecurity incidents are prevalent across all major industries, with the financial and healthcare verticals leading the pack in the “Misused Privileged Access” and “Lost or Stolen Assets” categories.
With most organizations contemplating a remote or hybrid working model for the foreseeable future, these statistics make it all the more important for enterprises to remain vigilant and take proactive measures against rising insider threats.
Insider threat is real. Let us analyze the factors that lead to insider exploitation.
Insider exploitation mostly involves the abuse or misuse of legitimate access. That is also what makes insider threats so hard to detect: these actors have legitimate access to organizational systems and data. For example, data related to intellectual property, customers, financial results, strategic business initiatives, and legal issues is sensitive and should be accessible only to the senior executives of the respective functions.
On the other hand, users with administrative access (IT administrators or sysadmins) have elevated access to IT systems within the network, with the unique ability to change key system configurations. While most privileged users use their access judiciously, there are always a few who misuse it.
According to an IBM study on insider threats,
An incident from more than 8 years ago involving a former General Electric (GE) employee, Jean Patrice Delia, who misappropriated valuable proprietary data and trade secrets, is a classic example. Delia reportedly persuaded an IT administrator to grant him special privileges to access sensitive information. He emailed the data to his co-conspirator as part of their plan to start a rival company.
Malicious users with privileged access need not hack anything. They just need to log in. So, while spending heavily on a security arsenal to combat external threats, organizations should focus on the insider threat angle too. Combating insider threats requires attention to a few basic security fundamentals.
You can effectively combat insider threats by having a proper Privileged Access Management (PAM) solution in place. Securden Unified PAM serves as a full-featured privileged access security solution and helps establish fully controlled, least-privilege, zero-trust access that is continuously monitored.
In addition, it helps protect passwords and enforce password-management best practices. You can ensure just-in-time and just-enough access to the IT infrastructure. Securden Unified PAM also helps enforce least privilege, application controls, and command controls on servers and endpoints. It lets you remove administrator privileges on computers and control application usage without impacting productivity, seamlessly elevating applications for standard users. Through robust workflows and policy-based controls, the end-user experience remains the same even after administrator rights are removed.
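To make the just-in-time, just-enough access idea concrete, and to show how abuse of otherwise legitimate access can be surfaced after the fact, here is an added example. It is not Securden's code or any part of the original post: the roles, users, resources, the `CHG-1042` ticket reference, the business-hours policy and the access-log lines are all constructed for illustration. Standing entitlements come from a role baseline; anything beyond that needs a time-boxed grant tied to an approval ticket, and an audit pass over successful accesses flags what no entitlement or grant covers, plus privileged actions outside business hours that are allowed but worth review.

```python
"""Added example (not Securden's code): a toy model of just-in-time,
just-enough privileged access, plus an audit pass over constructed
access-log lines that flags use of access the policy never granted.
All users, roles, resources, tickets and log entries are constructed."""
from dataclasses import dataclass
from datetime import datetime

# Baseline entitlements per role: the least privilege each role keeps permanently.
# Standing admin rights are deliberately absent for ordinary users.
ROLE_BASELINE = {
    "finance-exec": {("finance/quarterly-results", "read")},
    "sysadmin": {("prod-db-01", "admin")},
    "engineer": {("build-server", "read")},
}
USER_ROLES = {"alice": "finance-exec", "bob": "sysadmin", "carol": "engineer"}


@dataclass(frozen=True)
class Grant:
    """A time-boxed, ticket-backed elevation: just-in-time and just-enough."""
    user: str
    resource: str
    action: str          # e.g. "read" or "admin"
    start: datetime
    end: datetime        # exclusive; access after this is unauthorized
    ticket: str          # change/approval reference (constructed value)


# One approved elevation: carol may administer prod-db-01 for two hours on 2 Sep.
GRANTS = [
    Grant("carol", "prod-db-01", "admin",
          datetime(2021, 9, 2, 13, 0), datetime(2021, 9, 2, 15, 0), "CHG-1042"),
]


def authorization_basis(user, resource, action, at, grants=GRANTS):
    """Return why access is allowed ("role" or "jit:<ticket>"), or None if it is not."""
    role = USER_ROLES.get(user)
    if role and (resource, action) in ROLE_BASELINE.get(role, set()):
        return "role"
    for g in grants:
        if (g.user, g.resource, g.action) == (user, resource, action) and g.start <= at < g.end:
            return f"jit:{g.ticket}"
    return None


def check(user, resource, action, ts):
    """Convenience wrapper taking an ISO-8601 timestamp string."""
    return authorization_basis(user, resource, action, datetime.fromisoformat(ts))


# Constructed access log: "<ISO timestamp> <user> <resource> <action> <outcome>".
# Every line is a successful access: the insider scenario is misuse of
# access that worked, not a failed break-in.
ACCESS_LOG = """\
2021-09-01T09:05:00 alice finance/quarterly-results read success
2021-09-01T22:40:00 carol finance/quarterly-results read success
2021-09-01T10:00:00 carol build-server read success
2021-09-02T03:15:00 bob prod-db-01 admin success
2021-09-02T14:00:00 carol prod-db-01 admin success
2021-09-03T14:00:00 carol prod-db-01 admin success
"""

BUSINESS_HOURS = range(8, 18)   # 08:00-17:59, constructed policy


def audit(log_text, grants=GRANTS):
    """Flag successful accesses with no entitlement or grant, and privileged
    actions outside business hours (allowed, but worth a reviewer's look)."""
    findings = []
    for line in log_text.splitlines():
        ts, user, resource, action, _outcome = line.split()
        at = datetime.fromisoformat(ts)
        basis = authorization_basis(user, resource, action, at, grants)
        if basis is None:
            findings.append((ts, user, resource, action, "no entitlement or expired grant"))
        elif action == "admin" and at.hour not in BUSINESS_HOURS:
            findings.append((ts, user, resource, action, f"privileged action off-hours ({basis})"))
    return findings


if __name__ == "__main__":
    for finding in audit(ACCESS_LOG):
        print(*finding)
```

Run as a script, the audit reports three lines: carol reading finance results her role never covered, bob's admin session at 03:15 (legitimate, but off-hours), and carol's admin session on 3 September, a day after her grant expired. The point of the grant's hard end time is the second carol case: with standing admin rights there would be nothing to flag, because the login itself would be perfectly valid.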