Clearly the threat presented by online criminals is now well beyond the realm of big business, financial institutions or even private companies; it now involves industries linked inextricably to our everyday existence – from power operators to telecommunications providers. In a joint communiqué, the government and regulators pledged, among other items, to adopt the security standards set by GCHQ’s ‘10 Steps to Improve Cyber Security plan’. Importantly, one step calls out the need to manage the access rights of ‘privileged users’.
The risk presented by unmanaged, and unmonitored, privileged user accounts has rightly leapt to the fore in recent months – not least thanks to the archetypal example of Edward Snowden. Privileged users – typically holding titles such as computer system administrator and the like – are a special concern because of the often unhindered access to systems and data typically associated with these roles.
The uncomfortable reality is that privileged insiders exist in every organisation and, while their presence is essential to the running and maintenance of corporate networks, their powerful network access rights often enable their user accounts to perform actions they simply should not be able to. The risk arises when these privileged accounts have access to read, copy or change documents – this is also why they are a strategic and alluring target for perpetrators of cyber-attacks like APTs.
Unfortunately, the swathe of data breaches at the moment is proof enough that far too many organisations are still floundering to protect themselves from abuse of this nature. It’s worthwhile remembering that the breaches affecting both US retailer Target and the Korea Credit Bureau (KCB) in recent weeks involved network access abuse.
Of course, it is not only privileged users that pose a threat, but all users that have access to sensitive information. For example, an accountant with access to company financial records or an HR administrator with access to employee data have legitimate access needs, but compromises of these types of accounts can also have serious consequences. Unfortunately, traditional IT security defences are futile in protecting against the security risks posed when privileged user and other accounts are compromised. In effect, the ‘bad guys’ are then already within company walls and their actions are masked behind legitimate user accounts.
It must be remembered that the most valuable data an organisation has typically sits at the server / data centre level, and the underlying operating systems in this part of the IT infrastructure have been designed in such a way that there is weak separation of duties between users. Often, the root or system administrators have inherent ‘god mode’ access to the data. Organisations need to ensure they have technology in place that allows users to perform their operational role of running the systems but prevents them from accessing the data files themselves.
Choosing solutions that prevent admins from reading or editing the information in data files greatly reduces the risk of a breach.