Jerome Kerviel, Terry Childs, Edward Snowden: All infamous insiders; all reviled to differing degrees for abusing their access to computer-based resources.
And likely, all of them could have been stopped if their respective employers had a better grasp on what these privileged users were doing.
New [research](<http://www2.trustedcs.com/Raytheon-PonemonSurveyResearchReport>) commissioned by Raytheon Corp. asked 700 database administrators, network engineers, IT security admins and cloud computing admins about privileged user abuse. The results likely aren’t that surprising to IT managers: individuals are given more access than necessary to carry out their day-to-day duties; access is abused to view sensitive data that is not pertinent to their jobs; formal policies are lacking, and those that do exist are not properly enforced.
“One thing that gets people in trouble is if you have individuals with access to HR or IT information and they are poking their nose into financials or information about sales. Often they’re only doing it because they’re curious or feel they’re empowered,” said Michael Crouse, director of insider threat strategies at Raytheon. “Privileged users feel empowered they can view any information; ‘I can view it, I’m gonna look. If I’m given access, it must mean they want me to look at it, even though it has nothing to do with my job.’”
Half of the respondents to the survey said their respective organizations do not have policies for assigning privileged access, though for those companies that do, there are fewer ad-hoc approaches than the last time this survey was conducted, in 2011.
The problem is that insiders are trusted individuals, yet most organizations trust but do not verify their actions. The result may not be as severe as [Snowden’s surveillance revelations](<http://threatpost.com/snowden-surveillance-prompt-tech-companies-to-re-evaluate-privacy-attitudes/106127>), Kerviel’s $7 billion in fraudulent transactions against Societe Generale SA, or the disgruntled Childs’ refusal to unlock critical systems belonging to the city of San Francisco, but it can still expose companies to data or financial loss, or reputational harm.
“One thing we’re not doing well is we’re not auditing activities of individuals,” Crouse said. “People need that access and companies give it to them. But in the same sense, you have to audit and verify what they’re doing daily to make sure they’re doing their job and not outside their bounds and responsibilities. There’s not a lot of trust but verify out there.”
While most insiders violate policy out of curiosity, there are some who have malicious motives and are either working alone or with someone on the outside to steal customer or company data or sabotage systems. Perceptions have changed about this too since 2011, the survey results say. For example, 33 percent of respondents said intellectual property was at risk today, compared to 12 percent three years ago. Business financial and customer information were the types of data at most risk, respondents said.
What hasn’t changed much since 2011 is the confidence level that respondents have in their company’s ability to gain visibility into privileged insiders and determine policy compliance. Only 16 percent answered they were very confident, while 42 percent were not confident, largely because there isn’t a unified view of privileged access.
“That’s a tough number to swallow,” Crouse said. “Companies don’t have a good sense of what privileged users are accessing, or how they are able to protect that information.”
Insiders, the survey said, are also not shy about using privileged credentials of others inside a company; there was a 26 percent jump from 2011 in the likelihood of malicious insiders targeting privileged users to obtain their access rights, compared to a 15 percent jump in outsiders using social engineering to do the same.
Organizations may ultimately owe Edward Snowden a debt of gratitude for raising awareness over insider abuse; 58 percent said Snowden caused a significant increase in organizations’ level of concern over insider abuse, while another 31 percent admitted to a lesser level of concern.
“It’s a person problem, not a machine problem,” Crouse said. “Companies have to shift priorities and money to protecting against the insider threat. The quantity of breaches from insiders is lower, but the financial, reputational and confidence impact is greater from insider attacks. A lot of people are just now recognizing it.”
Source: [Privileged User Access Lacking Trust But Verify](<https://threatpost.com/enterprises-still-lax-on-privileged-user-access-controls/106180/>), Michael Mimoso, Threatpost, published 2014-05-20.