BusinessWeek recently published a fascinating article highlighting that, seventeen years before Ed Snowden released documents, analysts were already warning the agency against just such an insider threat.
In the 1996 edition of Cryptologic Quarterly, an NSA magazine, an unidentified analyst wrote:
“In their quest to benefit from the great advantages of networked computer systems, the U.S. military and intelligence communities have put almost all of their classified information ‘eggs’ into one very precarious basket: computer system administrators… A relatively small number of system administrators are able to read, copy, move, alter, and destroy almost every piece of classified information handled by a given agency or organization. An insider-gone-bad with enough hacking skills to gain root privileges might acquire similar capabilities. It seems amazing that so few are allowed to control so much — apparently with little or no supervision or security audits.”
This was a chilling warning of what many companies have experienced: the specter of privileged account abuse hangs over every company. The privileged insider or rogue employee has always been the greatest internal threat businesses face.
The problem today has increased exponentially. Outside cyber-attackers quickly realized that the best way to steal information from a company was to become a privileged insider. As CyberSheath has pointed out in their own research, 100 percent of all successful advanced attacks are conducted with stolen privileged credentials.
Cyber-attackers have learned the lesson of the threat that privileged accounts pose to the enterprise and are using this knowledge against businesses. It’s time for businesses to heed their own lessons and catch up to minimize this threat.