End users are increasingly emerging as an insider threat

Organizations today face challenges when it comes to managing their IT infrastructures. Outside of keeping up with the latest trends and hardware, the constant wish lists from users, and trying to manage a never-ending list of projects, keeping all of this running securely is more difficult than ever.

Hackers and scammers outnumber IT and security professionals. Breaches resulting from insider misuse are increasing. Look no further than the 2015 Verizon Data Breach Investigations Report for confirmation of this. This year’s data shows that 10.6% of confirmed data breaches resulted from insider misuse, up from 8% in 2013. The percentage of incidents that came from insider misuse was 20.6% up from 18% in 2013.

But here is the rub. Breaches involving the end user are increasing, yet those from system administrators are decreasing. A whopping 37.6% of insider abuse incidents involved the end user in 2014, up from 17% last year. On the upside, however, only 1.6% of incidents were attributed to system administrators this year, down from 6% last year.

While breaches – especially those from insider misuse – are increasing year over year, all of the tools, process and technology put in place to control and manage administrator access to systems and data might actually be delivering on their intended purposes. However, this focus has come at a cost – end users are increasingly emerging as a greater insider threat. Organizations must tackle this challenge immediately. But how?

Desktop least privilege reduces risks

One way to close end user security gaps while ensuring that the user population still maintains the access they need to do their jobs (and IT to maintain their sanity), is to implement least privilege. The challenge, though, for many organizations is that most do not have the same level of least privilege management applied across their heterogeneous environments. Because of the preponderance of these platforms, you may have some controls in place for Windows, Unix and Linux machines, but very little for Macs. Inconsistency reigns supreme.

Why Macs can be an unknown – and growing – risk

The use of Mac devices at the enterprise level has increased dramatically over the past few years, with a reported 11% of all devices shipped in 2014 being Mac OS. In addition to companies purchasing these devices for their users, Bring Your Own Device (BYOD) is growing at a fast rate, and many of these users opt for Macs in their personal lives. The increased use has put a spotlight on the lack of security controls realistically available for Macs.

Historically, Mac devices have been the exception when it comes to security policies. Yes, you can install anti-virus tools, enforce a common configuration, and deliver an acceptable use policy to your workforce. These are all necessary components, but are they enough?

Just as in Windows, a user on a Mac OS machine can be a privileged or non-privileged user, or root or standard. In a properly configured security model, most users would be non-privileged users. Unfortunately, when doing so, you also severely limit those users from performing routine tasks that are part of their job. You could hire an army of techs who do nothing but respond to privilege requests, but that is not financially sustainable.