Vulnerabilities / Threats // Insider Threats
5/22/2014
04:00 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

Privileged Use Also a State of Mind, Report Finds

A new insider threat report from Raytheon and Ponemon reveals a "privileged" user mindset.

Most users with privileged access say they peek at their organization's sensitive or confidential data out of curiosity -- not as part of their work, a new study finds.

According to a Ponemon Institute report commissioned by Raytheon (registration required), 73% of privileged users -- network engineers, database administrators, security professionals, and cloud computing administrators -- say they are authorized to view all the information they can via their user privileges, and 65% of them do so merely because they are curious about the information.

"There's the human factor: [the ones] where it's not their job to go exploring. Over half are accessing that information just because they want to see what's out there," says Michael Crouse, director of insider threat strategies at Raytheon. "A person being curious and then exposes [data] could do damage to the company."

Crouse says the Ponemon report also shows how many of these users have a "sense of superiority" merely because they have such vast access to data in their organizations. "That tells me that's alarming to a CIO or CISO." The danger is that these entitled users may feel "above the law" and free to snoop at data unnecessarily.

According to the report, 83% of organizations say insider threats are worrisome, but they have trouble spotting potential insider threat activity. Nearly 70% say their security tools don't provide the analysis and context to determine intent behind incidents, and nearly 60% say their tools flood them with false positives.

Nearly half say a malicious insider likely could use social engineering or other ways to get another user's data access privileges, and 45% say outside attackers could socially engineer and target privileged users to gain access to their enterprise infrastructure.

Half of the respondents consider customer data most at risk, while 59% say general business information is in the bull's eye. A little more than 70% use authentication and identity management tools to track and manage insider threat issues.

"We've spoken to [enterprises] around the country and internationally, and they don't want to be the next Booz Allen" or government agency with a malicious insider, Crouse says. "They are trying to stay out of the limelight."

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Ninja
5/28/2014 | 8:55:14 PM
Monitoring
Nice paper here from SANS on setting up database logging and monitoring:

http://www.sans.org/reading-room/whitepapers/application/setting-database-security-logging-monitoring-program-34222

Surprised that the percentage using tools to track insiders isn't close to 100 in this and every other study with all the products that are out there.

BP

 
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
5/28/2014 | 12:43:02 PM
Re: Privileged means bad
Absolutely. Even if these privileged insiders had no intention of sharing the information or leaking it, if they get targeted, then their credentials can be abused by the bad guys, etc. 
SachinEE
50%
50%
SachinEE,
User Rank: Apprentice
5/28/2014 | 12:36:00 PM
Re: Privileged means bad
It can be misunderstood as curiosity but in real senses it poses a danger to an organization. Think of an external party getting advantage of the 'privileged few' curiosity escapades and they get to access important and sensitive information about the organization. Things concerning their clients' personal details, their financial dealings, plan for the organization. This can pose as a threat since competitors' will bank on the information and use it to their advantage.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2037
Published: 2014-11-26
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466.

CVE-2014-6609
Published: 2014-11-26
The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.

CVE-2014-6610
Published: 2014-11-26
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dia...

CVE-2014-7141
Published: 2014-11-26
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.

CVE-2014-7142
Published: 2014-11-26
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?