12/9/2014
04:00 PM

Employees Still Get More Access Than They Need

Two surveys show how little enterprises enforce and track least-privilege policies.

Two new surveys out today show how easy enterprises make it for attackers to steal vast quantities of data with just a few successful breaches of employee machines: Employees typically are given far more access to sensitive data than they need to get their jobs done, and enterprises don't do enough to track access behavior.

That failure to enact the very fundamental security principle of auditable least-privilege only increases the risk profile of the employer.

The first report comes by way of the Ponemon Institute, which queried more than 1,000 end-users and 1,000 IT professionals about access patterns, on behalf of Varonis. It showed that among the 1,100 users surveyed, over 70 percent report that they have access to company data they shouldn't be able to see. And of those, more than half report that they use that access frequently. At the same time, among the IT professionals surveyed by Ponemon, four out of five of them report that their organizations don't enforce strict least-privilege data models.

Another survey, conducted by Courion among 35,000 IT executives, found respondents initially somewhat more optimistic about their enterprise least-privilege practices. Just over 70 percent reported that they thought their organizations enforced least-privilege policies. On closer questioning, however, approximately 43 percent said that their organizations are unaware when access privileges are increased or when access behavior is anomalous.

The difficulty with offering too much access and failing to audit access behavior is twofold. Not only are there the natural worries of insider threats, but there is also the even more plausible concern about account privileges being misappropriated by outside attackers.

"This research surfaces an important factor that is often overlooked: Employees commonly have too much access to data, beyond what they need to do their jobs, and when that access is not tracked or audited, an attack that gains access to employee accounts can have devastating consequences," says Larry Ponemon, chairman and founder of The Ponemon Institute.

According to the Courion survey, 97 percent of IT pros say that misused or stolen access credentials provide the network entry point for hackers. And just under a third of them say they're confident that their organizations are able to detect improper access.

When organizations lack the capability to granularly limit or audit access, they often default toward more open access models so as not to impede productivity. However, the more access that is provided, the higher the likelihood that a small breach of an employee machine will escalate into a network-wide breach of sensitive data stores. Many enterprises find it difficult to strike a decent balance between strong identity and access management (IAM) and user work efficiency, says Kurt Jonson, vice president of corporate strategy for Courion.

"IT security executives are under tremendous pressure to provide open access to stakeholders while at the same time controlling access risks in the face of constant attacks," he says. "Beyond perimeter defense, effective identity and access management is the answer to minimizing the likelihood or impact of a data breach, and IAM is made much easier with the diagnostic capabilities of identity analytics and intelligence."

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

Comments
aws0513
12/10/2014 | 8:27:18 AM
Ghosts of the past return to haunt
Our biggest causes of least privilege policy failures have been
  • Situations where people were positioned in roles that provided specific access, then gained another role, and then at some point they were removed from the first role without notifying our IT access provisioning team.
  • Manpower drawdowns where an office reduces to only a small percentage of the original staff. This has the effect of expanding accesses for those who remain AND impacts situations where separation of duties is a factor.

We are working on cleaning up processes around the first item, but the second item is a different kettle of fish.