While the US military was busy watching Iran, China, and North Korea, an insider–Bradley Manning–compromised classified information. While the NSA was busy spying on would-be terrorists, an insider–Edward Snowden–exposed confidential secrets. Companies and government agencies of all sizes around the world are focused on an “us vs. them” battle that assumes the authorized users inside the network are the “good guys”, but [inlinetweet prefix=”” tweeter=”” suffix=””]whether intentionally or inadvertently it is these insiders who pose the greatest risk.[/inlinetweet]
I wrote a blog post about the threat posed by authorized users inside your network:
There is a common thread among many of the major attacks that have occurred in the past couple of years—they were perpetrated either directly or indirectly by someone on the inside. While most of network and computer security is still focused on guarding against external threats, the reality is that privileged users on the inside of your network are also a very real threat.
At the 2014 RSA Security Conference, there was a session titled “Are Your Privileged Users at Risk or a Risk?” that discussed this issue. Ultimately, the answer is “yes” or “both,” but it was enlightening to hear experts talk about the risks associated with privileged users and the access they have on your network.
A couple of major data breaches have occurred in recent years that were inside jobs. Users with authorized access to sensitive or confidential data intentionally abused that trust and compromised the data they had access to.
There have also been a few major security incidents or data breaches that were outside attacks, facilitated by compromising the credentials of an authorized user. Once an attacker acquires the username and password of a trusted user with access to sensitive systems and data, they can access those systems and data as the user, and there is effectively no difference between the outside attacker and an “inside job.”
Read the full article on the RSA blog: Protecting Yourself Against Your Own Users.