Are Privileged Users the ‘Weak Link’ in Your Network Security?
If a group is really only as strong as its “weakest link,” then why are so many enterprises, which are otherwise concerned about their network security, so quick to add new “links”? Every new user who gains privileged network access increases the risk that one link in the chain could break, thereby jeopardizing the entire organization.
Two of the highest-profile companies in the world – eBay and Target – learned this lesson the hard way, after attackers were able to gain remote access to their networks by compromising just a handful of privileged user credentials. So, while the attacks were ultimately carried out by malevolent actors, they might never have occurred if not for unknowing accomplices on the inside.
“Privileged” users are called that for a reason. In some cases, they have unfettered access to system and network resources, as well as the protected information hidden behind these systems. There may be fewer controls over them. They can also remotely access the network, from any device, further escalating risk. They can be database administrators, data center operators, application developers or network engineers. The list goes on.
In some cases, after the dust settles from a breach involving a privileged user, these insiders are found to have had ill intent. Other times, something as seemingly harmless as an administrator misplacing a password, accidentally clicking on a malicious link or failing to log out of a system can lead to a devastating leak.
So, how widespread is the problem? It’s not enough to point to the eBay and Target breaches alone and conclude that the danger posed by privileged users is on the rise. What’s clear, though, is that companies aren’t doing nearly enough to insulate themselves from privileged user threats. Only 40 percent of IT budgets include funding to fight insider threats, which makes the looming threat to businesses even clearer.
Strength in Numbers?
As organizations face granting rights to more privileged users, Network World has identified three steps they can take to protect themselves from widespread privileged user abuse:
- Reduce privileged accounts, if possible, and manage those that are given out
- Train employees in best practices for network security
- Monitor privileged user activity
If organizations follow these steps, they will build a self-sustaining culture of network security.
There’s another step, though – developing a defense-in-depth network security strategy. By building redundancy and resilience into their security infrastructure, organizations protect themselves in the worst-case event that one defense mechanism fails. Anchoring a defense-in-depth strategy should be a centrally managed VPN solution that uses encryption to protect data sent and received by remote users.
The central management aspect of VPNs is also key to protecting against insider threats because it makes it easier to deprovision users. Because of the Bring-Your-Own-Device (BYOD) trend, there have never been more devices connected to enterprise networks. Each new user escalates an enterprise’s vulnerability, meaning there’s really “unlimited risk potential” for enterprises. Any time an employee is dismissed, or a breach can be traced back to them, their device should be deprovisioned as soon as possible.
As the chain analogy showed earlier, there’s strength in numbers, but only if all users pull in the same direction. Or, as Network World explains this dichotomy: “With greater access to a company’s computer assets comes greater security risk. The privileged user can be a company’s security enforcer but also its greatest security risk.”