Recent news reports found that Google fired dozens of employees from 2018 -2020 for abusing their access to company data. While insider abuse is not new, it is a growing threat and one that companies need to take seriously – especially industries that deal with sensitive or personally identifiable information (PII).
In the case of Google, the employees were fired for a range of abuses including mishandling confidential information or misusing systems to access or modify user/employee data. From the reporting, most of the incidents appear to involve individuals with privileged accounts.
Anyone with a privileged credential increases your risk of insider threats. For Google, while some of these insider threats may have been malicious, that is not always the case. Most insider threats are caused by user error. It could be a business user with privileged credentials who falls for a phishing attack. Or a user who has too many privileges and unwittingly accesses information they are not supposed to.
The challenge with privileged credentials is they provide access to a company’s most sensitive information and systems. Privileged users can modify, destroy or steal data. They can move laterally across a business network, evade detection, and cause serious damage to a business’s reputation. They also put a company in violation of compliance regulations.
As insider threats continue to increase, companies need to evaluate and perhaps update their privileged account strategy. Consider the following factors:
- How many privileged credentials do you have? Most companies have hundreds if not thousands of privileged accounts. And new privileged accounts are added regularly. Privileged accounts can be admin, domain, network, local, active directory, cloud, emergency, service to application accounts. They are often used by privileged users and by machines, IT systems, or cloud software. Companies need to find ALL these accounts and determine who has access to them and when. PAM software can help automate the discovery of privileged accounts. This way they can be stored in a virtual vault and you can manage/monitor them. By scheduling the discovery process regularly, companies can ensure new accounts are found and secured.
- Do your users have too many privileges? It is not unusual for users to be overly privileged. Users often have privileges to systems and data that are not required for their job. This is due to a lot of reasons – simply giving users more privilege or not changing privileges as employee’s jobs/roles change. Either way, it creates a lot of risk for a company. Companies should adopt a least privilege approach of restricting a user’s access to only those resources/permissions required to perform their job effectively. Again, PAM solutions are built around the principle of least privileged. They allow you to set rules and parameters for each privileged. Each account needs specific justification/approvals for accessing the target system or sensitive data for a specific time. With policy-based controls, you make sure that a user or system only has access to the target system/data they need, for a limited time and nothing else. The idea goal is rightsizing each privileged account to a specific task.
- Do you monitor privileged sessions? Once you lock down privilege accounts you still need to monitor and track the sessions. Not only is this required for auditing and compliance, but it can be used to identify and alert IT when there are suspicious activities. With PAM software, alerts can be set up for when systems are accessed, changed, or when passwords are reset. Alerts can be created around what users are sharing, using, or how they are modifying records. This helps identify both external and internal threats. Companies can take immediate action to stop or minimize the activity.
A recent Cybersecurity Insiders’ 2020 Insider Threat Report found that 68% of organizations confirm insider attacks are becoming more frequent. A strong PAM strategy can help reduce the risk of insider threats.
Limit Insider Abuse with PAM
Considering PAM software? Download a free trial of XTAM to get started or schedule a demo to speak with one of our experts to learn how XTAM can help you discover, secure, and monitor privileged access.