An industry analyst report by Forcepoint and Ponemon Institute, titled “The 2016 Study on the Insecurity of Privileged Users,” has produced some troubling findings. The study is based on the results of a recent survey of some 704 IT operations and security managers. 66% of participants believe that privileged users access confidential or sensitive data out of curiosity. Worse, 74% of participants feel that privileged users believe they are entitled to access this type of data.
The report stresses that privileged employees are often the riskiest in an organization. To begin with:
- 55% of respondents do not correlate data from multiple sources, or are unsure whether they do;
- 56% of respondents are not confident that they have enterprise-wide visibility into privileged user access and can determine whether users are compliant with policies.
Other crucial findings of the report:
- 43% of commercial organizations and 51% of federal organizations can monitor their privileged users;
- 18% of participants are certain that they have enterprise-wide visibility for privileged users;
- 46% think that attacks often start with malicious insiders who obtain privileged rights via social engineering;
- 58% of respondents fear that organizations are granting employees unnecessary access. Furthermore, 91% predict that the situation with insider threats will continue to worsen if things don’t change.
Forcepoint technical director of insider threat solutions Michael Crouse said in a statement:
“The best approach to mitigating privileged user abuse is a comprehensive and layered approach that implements best practices, incorporates process and technology and most importantly, addresses the people behind the permissions. Damage caused by privileged users is the most extensive, the hardest to mitigate and the most difficult to detect, as it is done by authorized users doing things they are authorized to do.”
If you think that the report’s findings exaggerate the truth, there is a similar survey conducted by Mimecast. The Mimecast report is based on the answers of 600 IT security managers. According to 90% of the participants, malicious insiders are a big threat to security, with 55% rating them as a moderate or high-level threat. One in seven managers views malicious insiders as the number 1 threat.
What Can Businesses Do to Minimize the Damage of Malicious Insiders?
One measure is assigning role-based permissions to admins for better control over key systems, which restricts what a malicious insider is able to do. Another is implementing internal safeguards and data exfiltration control. These serve to detect and mitigate the risk of insider threats, and to get in the way of confidential data being leaked outside the organization’s network.
Lastly, all major organizations that often attract malicious attention should implement employee security training programs.