It’s been more than three years since Edward Snowden perpetrated the largest leak of classified information in United States history. With the movie coming out soon, it’s a good time to remind everyone how the techniques he used for hacking, copying and storing volumes of critical information – and especially his use of privileged credentials – demonstrated weaknesses in cybersecurity protection. Once those credentials were obtained and used inappropriately, the story of his insider threat espionage proved we were not doing enough to protect users, accounts, and credentials.
Or should I say, we are not doing enough? It’s surprising how little has changed three years on.
To understand how widespread the insider threat is, BeyondTrust has embarked on several privilege studies throughout the past few years to capture the risk of privileges by industry. For 2016, the definitive BeyondTrust Privilege Benchmark Study has revealed that the threat is still very real and that the disparity in maturity is staggering.
Statistics from the survey reveal that the potential threat organizations face is fragmented by the maturity of the vertical (low-end versus high-end tiers, as described in the complete survey).
Why is this still the case?
Highly regulated environments such as financial and healthcare fall into the high-end tier, but manufacturing and others just do not have the drive to solve this problem without a compelling event such as regulation, outage, or breach. What is more curious is that government entities should fall into the high end, yet they prove that a true insider threat, with malicious intent, is still possible without the proper checks and balances, audits and reporting, and overall access accountability. Snowden proved that unmonitored access, whether through his own or someone else’s account, can cause a great deal of damage when left unchecked.
Where do we go from here?
His insider knowledge, coupled with unmonitored security controls, allowed Snowden to have privileged access to sensitive information that he leaked. The simple facts are that he:
- Hacked his own place of employment
- Leveraged unmonitored privileged access to copy and exfiltrate sensitive information
- Used the information to cause significant damage
These three things could happen to any other organization or business. The BeyondTrust Privileged Access Benchmark Study proves that most organizations are still not maintaining privileges well, are not monitoring when those credentials are used, and are not considering the threat of other users knowing account credentials. All three are the basic points Snowden used.
It is time we consider the threats from inside.
Here are five quick steps to improve the maturity of your privileged access management strategy using the guidance from the best PAM practitioners:
- Be granular: Implement granular least privilege policies to elevate applications, not users.
- Know the risk: Never elevate an application’s privileges without knowing if there are known vulnerabilities.
- Augment technology with process: Reinforce enterprise password management hygiene with policy and an overall solution. As the first line of defense, establish a policy that requires regular password rotation and centralizes the credential management process.
- Take immediate action: Real-time monitoring and termination capabilities are vital to mitigating a data breach as it happens, rather than simply investigating after the incident.
- Close the gap: Integrate solutions across deployments to reduce cost and complexity, and improve results. Avoid point products that don’t scale. Look for broad solutions that span multiple environments and integrate with other security systems, leaving fewer gaps.
Ready to take the next step in assessing your organization’s risk of a Snowden-style crime? Download our 2016 definitive Privilege Access Benchmarking Study today.

Morey J. Haber, Chief Security Officer, BeyondTrust