Don’t Overlook the Insider Threat, Protect Privileged Access
July 8, 2016 | Security and Risk | John Worrall
A newly released Ponemon Institute study revealed that 72 percent of surveyed organizations are not confident in their ability to manage and control employee access to high-value information, such as trade secrets, new product designs, merger and acquisition activity, financial data and confidential business information. Additionally, the report pointed to privileged company insiders as the biggest threat to enterprises today. Think of the game-changing Snowden revelations or the more recent Panama Papers incident – examples of insiders with access to highly sensitive company information who leaked information to the public.
The same week the Ponemon survey was published, new developments in the highly publicized Morgan Stanley insider data breach emerged, underscoring the severity – and far-reaching consequences – of malicious, privileged insider attacks. To summarize the breach, in 2014 a Morgan Stanley financial adviser gained access to, then illicitly downloaded, customer data from 730,000 customer accounts. He was able to reach these accounts by utilizing privileged credentials that were not properly protected. After he transferred this information to a personal server, a third party breached the system and posted the information for sale on the Internet. After a two-year investigation of the incident – which some experts say was the biggest data theft at a wealth management firm to-date – the SEC determined that Morgan Stanley failed to sufficiently safeguard its customer data from unauthorized access. The company was issued a cease-and-desist order and was fined $1 million – a penalty that demonstrates the SEC’s heightened focus on cyber security.
This case is significant as it represents one of the first times a major industry player – also technically the “victim” of the attack – has been penalized for violating the Safeguards Rule, which requires financial organizations to adopt written policies and procedures reasonably designed to safeguard customer records and information from threats that include unauthorized access. In this particular case, the employee used privileged access to information and blatantly violated company policy. Often the “insider threat” isn’t as black and white as this. Security professionals must be constantly vigilant for many different threats inside the organization – from malicious contractors who have authorized access, to former employees who still have privileged access to business critical systems, to employees at risk of causing unintentional abuse.
To effectively minimize the insider threat, it’s important to first realize that it doesn’t matter where an attack starts or from whom. What matters is that privileged access – not people – is the true insider threat. Once this is understood, it’s critical to implement privileged account security solutions that offer insider threat protection to:
- Ensure that only authorized users are able to access powerful privileged accounts
- Prevent users from being able to gain unapproved elevated privileges
- Establish strict accountability over the use of privileged accounts by tracking who accessed what accounts and what actions were taken
- Improve forensic analysis and by generating a detailed, tamper-proof audit trail of all privileged account activity
- Rapidly detect, and be alerted on, anomalous activity that could signal an inside attack in-progress
Learn about more about how the CyberArk Privileged Account Security Solution helps organizations to proactively limit user privileges and control access to privileged accounts to reduce the risk of an insider attack here on our website.