Vulnerabilities / Threats // Insider Threats
5/22/2014
04:00 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

Privileged Use Also a State of Mind, Report Finds

A new insider threat report from Raytheon and Ponemon reveals a "privileged" user mindset.

Most users with privileged access say they peek at their organization's sensitive or confidential data out of curiosity -- not as part of their work, a new study finds.

According to a Ponemon Institute report commissioned by Raytheon (registration required), 73% of privileged users -- network engineers, database administrators, security professionals, and cloud computing administrators -- say they are authorized to view all the information they can via their user privileges, and 65% of them do so merely because they are curious about the information.

"There's the human factor: [the ones] where it's not their job to go exploring. Over half are accessing that information just because they want to see what's out there," says Michael Crouse, director of insider threat strategies at Raytheon. "A person being curious and then exposes [data] could do damage to the company."

Crouse says the Ponemon report also shows how many of these users have a "sense of superiority" merely because they have such vast access to data in their organizations. "That tells me that's alarming to a CIO or CISO." The danger is that these entitled users may feel "above the law" and free to snoop at data unnecessarily.

According to the report, 83% of organizations say insider threats are worrisome, but they have trouble spotting potential insider threat activity. Nearly 70% say their security tools don't provide the analysis and context to determine intent behind incidents, and nearly 60% say their tools flood them with false positives.

Nearly half say a malicious insider likely could use social engineering or other ways to get another user's data access privileges, and 45% say outside attackers could socially engineer and target privileged users to gain access to their enterprise infrastructure.

Half of the respondents consider customer data most at risk, while 59% say general business information is in the bull's eye. A little more than 70% use authentication and identity management tools to track and manage insider threat issues.

"We've spoken to [enterprises] around the country and internationally, and they don't want to be the next Booz Allen" or government agency with a malicious insider, Crouse says. "They are trying to stay out of the limelight."

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Ninja
5/28/2014 | 8:55:14 PM
Monitoring
Nice paper here from SANS on setting up database logging and monitoring:

http://www.sans.org/reading-room/whitepapers/application/setting-database-security-logging-monitoring-program-34222

Surprised that the percentage using tools to track insiders isn't close to 100 in this and every other study with all the products that are out there.

BP

 
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
5/28/2014 | 12:43:02 PM
Re: Privileged means bad
Absolutely. Even if these privileged insiders had no intention of sharing the information or leaking it, if they get targeted, then their credentials can be abused by the bad guys, etc. 
SachinEE
50%
50%
SachinEE,
User Rank: Apprentice
5/28/2014 | 12:36:00 PM
Re: Privileged means bad
It can be misunderstood as curiosity but in real senses it poses a danger to an organization. Think of an external party getting advantage of the 'privileged few' curiosity escapades and they get to access important and sensitive information about the organization. Things concerning their clients' personal details, their financial dealings, plan for the organization. This can pose as a threat since competitors' will bank on the information and use it to their advantage.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5211
Published: 2015-01-27
Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response.

CVE-2014-8154
Published: 2015-01-27
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overf...

CVE-2014-9197
Published: 2015-01-27
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.

CVE-2014-9198
Published: 2015-01-27
The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session.

CVE-2014-9646
Published: 2015-01-27
Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.