Beware of Geeks Bearing Gifts

December 7, 2017

To say that insider threat is an ancient problem is an understatement. The poet Virgil, circa 29 BC, wrote “…they pretend it's a votive offering: this rumor spreads. They secretly hide a picked body of men, chosen by lot there, in the dark body, filling the belly and the huge cavernous insides with armed warriors.” The text describes the original ‘Trojan Horse’ used as a subterfuge by the Greeks to enter the city of Troy and win a long-running war. Modern information security has its own equivalent of “beware Greeks bearing gifts”, where a seemingly benign person, or even an application, inside the perimeter is in fact a malicious actor.

According to the latest edition of the highly regarded Verizon Data Breach Investigations Report (DBIR), a quarter of all breaches (25%) are described as having “involved internal actors”. This description covers a wide range of insider threats, from the gullible member of staff who has unwittingly given access to systems by sharing passwords, through to the disgruntled employee pilfering data before a planned exit – and all the way through to organized criminals that may have bribed, threatened or planted an accomplice within the target. The DBIR also notes that 51% of all breaches involved some type of criminal gang, a figure which has grown consistently over the last few years.

So even though a quarter of all breaches have an insider component, the problem often fails to gain the exposure it potentially warrants. One issue is cultural – we like to believe that we can trust the colleague sitting next to us, and corporate etiquette is a complex sea to navigate, especially around IT security. Another issue is a perceived inability to stop insider threat. According to a 2015 survey of 5,000 information security professionals conducted by The SANS Institute, only 31% of respondents believed that they “…have the ability to prevent/deter an insider incident/attack.” Although this low figure could be seen as an admission that the problem is too complex, the reality is that absolute prevention or deterrence of an insider threat is futile.

Using the analogy of physically protecting a house against burglary – the locks on the doors, double-glazed windows and the state-of-the-art burglar alarm won’t stop a robber with a JCB (tractor) smashing down a wall, grabbing valuables and legging it. They also won’t stop an invited guest pocketing a small yet valuable ornament without anybody noticing. Yet the protection of the physical perimeter makes the first attack less likely, and placing a valuable ornament inside a locked display case deters the second, insider threat. This approach of hardening both the outside and the inside should also extend to information security, and it does not require the purchase of every single “magic bullet” software tool or cloud security service to set up the basics.

The reality is that many organizations are still failing to implement some of the fundamental measures that can protect against external and insider threat. For example, giving everybody administrator rights to applications that they have no need to administer is still surprisingly common. Unpatched operating systems are an issue, and they are easier to exploit if the attacker is already inside the perimeter on the internal LAN. Another issue is the lack of a joined-up exit policy. If a staff member leaves, moves to another department or subsidiary company, or takes maternity leave or a sabbatical, is there a formal process for passing details on to the IT department for suspending access credentials? Also, is there validation that this process has actually taken place?

Enacting the above examples requires no retooling and can be carried out using the built-in system utilities of every operating system. Yet with the myriad of IT projects, compliance regulations and threat alerts – it is often hard to focus on what will have the biggest impact in terms of reducing risk and mitigating the damage of any type of attack. The simplest approach is first to audit who has access, to which applications and, crucially, why. Next, run a vulnerability scan to find out what the issues are across the environment, and then fix the ones that are easiest to address first. Next, set up a workable least privilege environment using either built-in system admin tools or privileged access management (PAM) software. Although by no means the end of the journey, this approach will at least set up a foundation to build on.

A final point regarding insider threat is that, at least in theory, nobody is above the rules when it comes to following sensible security policies. However, it is unwise to upset the IT department, as ultimately they often have the skills and access credentials to wreak the most damage as a disgruntled employee. As such, having an exit policy designed for very senior IT administrators is something that every HR person may want to consider.

If you’re in the process of building your own privileged access management strategy, download this white paper ‘7 Steps to Complete Privileged Access Management’. And as always, contact us for more information.

Editor's note: This article was originally posted on InfoSecurity Magazine.
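One way to run the access audit and the exit-process validation described above from two exported CSV files, as an added example that is not part of the original article. The column names, status values and sample rows are constructed assumptions; substitute whatever your HR system and directory actually export.

```python
import csv
import io

# Constructed sample exports (assumed layout, not from the article).
HR_CSV = """employee_id,status
1001,active
1002,left
1003,maternity_leave
1004,transferred
"""
ACCOUNTS_CSV = """account,employee_id,enabled,application,role,justification
asmith,1001,yes,payroll,user,
asmith,1001,yes,crm,admin,
bjones,1002,yes,crm,user,
clee,1003,no,payroll,user,
dkhan,1004,yes,payroll,admin,Payroll system owner
svc_backup,,yes,fileserver,admin,
"""
# HR statuses after which access should have been suspended or re-reviewed.
SUSPEND_STATUSES = {"left", "transferred", "maternity_leave", "sabbatical"}


def load(text):
    """Parse CSV text into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def audit(hr_rows, account_rows):
    """Return (account, application, reason) for every entitlement to review."""
    status = {r["employee_id"]: r["status"] for r in hr_rows}
    findings = []
    for a in account_rows:
        if a["enabled"] != "yes":
            continue  # already suspended, so the exit process worked here
        hr_status = status.get(a["employee_id"])
        if hr_status is None:
            findings.append((a["account"], a["application"], "no owner in HR records"))
        elif hr_status in SUSPEND_STATUSES:
            findings.append((a["account"], a["application"],
                             f"still enabled, HR status: {hr_status}"))
        # "Who has access, to what, and why": admin rights need a recorded reason.
        if a["role"] == "admin" and not a["justification"].strip():
            findings.append((a["account"], a["application"],
                             "admin rights with no recorded reason"))
    return findings


if __name__ == "__main__":
    for account, app, reason in audit(load(HR_CSV), load(ACCOUNTS_CSV)):
        print(f"{account:<12}{app:<12}{reason}")
```

Running it on a schedule and tracking each finding to closure gives the validation step the exit policy needs.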
Brian Chappell, Director, Product Management

Brian has more than 25 years of IT and cybersecurity experience in a career that has spanned niche system integrators, PC and Software vendors, and high-tech multi-nationals. He has held senior roles in both the vendor and the enterprise space in companies such as Amstrad plc, BBC Television, GlaxoSmithKline, and BeyondTrust. At BeyondTrust, Brian leads the Product Management of the flagship Password Safe product globally, ensuring the delivery of a world-class, industry-leading Privileged Password and Session Management solution. Brian can also be found speaking at conferences, authoring articles and blog posts, as well as providing expert commentary for the world press.
