The impact of data breaches in 2014, coupled with the demands of the application economy, has greatly influenced the way security professionals view and approach identity and access management.
With more and more data stored online and increasingly sophisticated tactics used by cyber-criminals, organizations have started to pay more attention to what is happening inside their network perimeter. Recent famous data breaches like Sony and Target have further underlined the importance of appropriate data protection, but there are still some threats that don’t get enough attention from IT security teams.
Insider threats are among the most concerning security challenges. Consider the Snowden leaks, one of the only high-profile examples. Why don’t other insider breaches receive extensive publicity? Because companies aren’t forthcoming to discuss this type of breach, as it places the spotlight on their own employees and admits security flaws.
There are two sides to the insider threat coin that make protecting against it a real struggle for organizations: the technical side and the human side. Technically, employees need access to information and enterprises cannot lock down the data and systems so tightly that they make it impossible for employees to do their jobs effectively.
This is particularly challenging with IT administrators who need broad access to shared accounts on IT systems that hold sensitive and privileged information. Yet the reality is that employees are only human and are prone to making mistakes. From executives to IT administrators to partners, many people have access to sensitive data that, if publicly exposed, could have significant ramifications to an organization’s business – or even its existence.
Most insider threats are made up of three categories: Malicious insiders, who deliberately steal information or cause damage; exploited insiders, who may be tricked by external parties into sharing data or passwords; and careless insiders, who may simply press the wrong key, accidentally delete or modify critical information or lose devices with sensitive information.
“Employees need access to sensitive data and critical systems in order to do their job and a level of trust has to be associated with that access”
In order to better protect themselves from an insider breach, organizations need to focus on security fundamentals and find the right balance between employee enablement and control.
To overcome security challenges in a business environment, organizations need to take a proactive, rather than reactive, approach to threats. A good start is to apply the security fundamental of ‘least privilege’ to privileged, administrative accounts. Many security controls can be applied to secure privileged identities, including shared account password management, access controls identity management and governance, and advanced authentication. These actions allow a solid security foundation to be established for physical, virtual and cloud environments
Trust is also an essential element in any organization. In many enterprises, employees need access to sensitive data and critical systems in order to do their job and a level of trust has to be associated with that access. Understanding and managing that trust is the most critical – and difficult – challenge of dealing with insider threats.
However, this does not mean giving employees unrestricted and unnecessary access to information, but an adoption of appropriate security controls, monitoring capabilities, and security analytics, which will help enterprises significantly reduce their exposure to the risk of insider threats.
There are many tools that can help companies achieve this goal. Managing identities, access and data can help organizations find the right balance between enablement and the sharing of sensitive data. Organizations can reduce the risk of all three types of insider threats (malicious, exploited, and careless) by enabling accountability, implementing least privilege access, and controlling sensitive data.
Accountability will make malicious insiders think twice before acting, help to identify exploited insiders and make users more careful with their actions. Least privilege access will deny actions and limit the damage done by all types of insider attacks, including inadvertent but damaging actions. And by controlling sensitive data directly, businesses can prevent it from being exported out of their network using tools such as USB drives or even email.
The threat from insiders is real and growing. Organizations must sober up to the reality that it is no longer an abstract concept, but something that could happen at any time.
Instead of adopting a ‘bunker’ mentality and simply accepting the inevitability of such attack, organizations should adopt a more proactive stance towards combating these threats. Awareness and understanding of insider threats is the first step towards successful protection and getting the fundamentals of all-round protection right will go a long way in helping enterprises face the threat from inside.
About the Author
Russell Miller has spent over eight years in network security in various roles from ethical hacking to solutions marketing. He is program marketing director at CA Technologies. Russell has a BA in Computer Science from Middlebury College and an MBA from the MIT Sloan School of Management.