Privilege comes with peril in world of cybersecurity

Insider threat takes twist for the worst: malicious intent

June 18, 2012 CSO — Security experts have been warning enterprises for some time that the greatest security threats come from within: their own employees. And that message has apparently gotten through, according to a new survey. But those results also came with a disturbing twist: malicious employees.

Security vendor Cyber-Ark's "2012 Trust, Security & Passwords Survey" finds 71% of 820 IT managers and C-level professionals interviewed said insider threats were their priority concern. But instead of insider threats being unintentional -- employees being careless or simply unaware of security protocols, and with the Bring-Your-Own-Device (BYOD) trend -- survey respondents said a significant share of the threat is from malicious insiders.

Insider hostility could be for any number of reasons: being passed over for a promotion, not getting an expected bonus, the threat of being fired or even industrial espionage. But it gains major potency when insider knowledge or access is combined with "privileged accounts," which can be the "keys to the kingdom."

Mark Diodati, senior analyst for identity management and information security at Burton Group, writing on SearchSecurity, notes that such accounts are necessary for platforms to function, for emergencies and for day-to-day tasks. "[But] they are notoriously difficult to secure because they don't belong to real users and are usually shared by many administrators," he wrote.

"Yet a down economy increases the risk of disgruntled workers, making it more important than ever to have a system in place to control privileged access," Diodati wrote. "[Privileged accounts can] breach personal data, complete unauthorized transactions, cause denial-of-service attacks, and hide activity by deleting audit data."

Udi Mokady, founder and CEO of Cyber-Ark, said that attackers target employees with such privileged access. "It's clear that privileged access points have emerged as the priority target of enterprise cyber-assaults," he said.

However, while some experts agree that breaching privileged accounts can cause major damage, they say the threat posed by insiders -- especially malicious insiders -- is exaggerated.

Mark Baldwin, CISSP and principal researcher and consultant for InfosecStuff, said while 71% of respondents to a survey may believe the insider threat is the greatest, "evidence does not support this belief."

For example, the 2012 Verizon Data Breach Report, which uses empirical data rather than survey data, shows that only 4% of data breaches in 2011 involved insiders, Baldwin notes.

"And the percentage of breaches involving insiders has been declining for years," he said. "This is an example of people's beliefs not aligning with reality."

Kevin McAleavey, cofounder and chief architect for the KNOS Project, said he believes some employees may deliberately sabotage their employers, "but they are few."
