Privileged Use Also a State of Mind, Report FindsA new insider threat report from Raytheon and Ponemon reveals a "privileged" user mindset.
Most users with privileged access say they peek at their organization's sensitive or confidential data out of curiosity -- not as part of their work, a new study finds.
According to a Ponemon Institute report commissioned by Raytheon (registration required), 73% of privileged users -- network engineers, database administrators, security professionals, and cloud computing administrators -- say they are authorized to view all the information they can via their user privileges, and 65% of them do so merely because they are curious about the information.
"There's the human factor: [the ones] where it's not their job to go exploring. Over half are accessing that information just because they want to see what's out there," says Michael Crouse, director of insider threat strategies at Raytheon. "A person being curious and then exposes [data] could do damage to the company."
Crouse says the Ponemon report also shows how many of these users have a "sense of superiority" merely because they have such vast access to data in their organizations. "That tells me that's alarming to a CIO or CISO." The danger is that these entitled users may feel "above the law" and free to snoop at data unnecessarily.
According to the report, 83% of organizations say insider threats are worrisome, but they have trouble spotting potential insider threat activity. Nearly 70% say their security tools don't provide the analysis and context to determine intent behind incidents, and nearly 60% say their tools flood them with false positives.
Nearly half say a malicious insider likely could use social engineering or other ways to get another user's data access privileges, and 45% say outside attackers could socially engineer and target privileged users to gain access to their enterprise infrastructure.
Half of the respondents consider customer data most at risk, while 59% say general business information is in the bull's eye. A little more than 70% use authentication and identity management tools to track and manage insider threat issues.
"We've spoken to [enterprises] around the country and internationally, and they don't want to be the next Booz Allen" or government agency with a malicious insider, Crouse says. "They are trying to stay out of the limelight."
Kelly Jackson Higgins is Senior Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, ... View Full Bio