How Privileged Access Management Combats Insider Threats


How can privileged access management combat insider threats? What capabilities help prevent data breaches coming from inside your own enterprise? 

While National Insider Threat Awareness Month takes place in September, your enterprise must stay aware of the risks year-round. Without proper privileged access management, insider threats could seriously damage your workflows and databases. Moreover, insiders constitute an ever-present danger to your enterprise. According to the Verizon Insider Threat Report, 20 percent of cybersecurity incidents and 15 percent of data breaches began with internal attackers.

Of course, the damage from an insider threat matches, if not exceeds, the damage from an ordinary breach. That could mean millions of dollars in fines, legal fees, and lost reputation with customers.

So what can you do? 

First, Understand What Insider Threats Want

Before we can examine the full power of privileged access management to combat insider hackers, we need to know what they want. 

On the one hand, the majority of hackers want the same thing whether they operate from outside or inside: money. While the prevalence of data breaches can obscure this fact, hackers are just criminals in digital form. Every sensitive data leak or credential stuffing attack ultimately serves to line hackers’ pockets.

The majority of insider threats want money, and abuse their privileges to get more of it, which is why so many hackers sell stolen data on the Dark Web. However, you need to consider the other reason insider threats persist: malice.

Unfortunately, many insider attackers begin as disgruntled employees. Whether over a real wrong or a perceived one, they decide to exploit their permissions to inflict harm on your business.

Now that you know what internal hackers want, how do you stop them?

Key Privileged Capabilities in Combating Insider Threats 

Understanding the Privileged Access Landscape

Visibility matters to cybersecurity, perhaps more than any other capability. The old adage states, “you can’t protect what you can’t see.” Of course, the same applies to the privileged accounts in your network. 

In other words, you need to know where your privileged accounts exist in your IT infrastructure. Unfortunately, many enterprises struggle to uncover all of the privileged accounts in their networks. In fact, a good percentage of them never bother to find all of the superusers connected to the network.

This problem becomes increasingly dangerous when considering insider threats. With the right permissions, users could create backdoor accounts to avoid proper monitoring or access control. Additionally, privileged users can, in fact, create new privileges for themselves if not properly monitored. Insider attackers can use any of these permissions to their malicious advantage.  

To combat these challenges, you need the right privileged access management. First off, you need a comprehensive inventory of all the privileged accounts in your network. This enables you to effectively monitor all of the users, know who they are, and what they can access. 

Further, this enables auditing on a regular basis. Auditing enables you to uncover the privileged accounts which may otherwise remain hidden, and enact governance.            
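As an added example that is not part of the original article, the script below builds the kind of privileged-account inventory described above from Unix passwd, group and sudoers data. It flags every UID-0 account (including a backdoor root account hiding under a service name), members of administrative groups, and users reached through sudoers rules; the three input files and the ADMIN_GROUPS set are constructed for the demo.

```python
import re

# Constructed sample files (on a real host: /etc/passwd, /etc/group, /etc/sudoers and
# /etc/sudoers.d/*). Note the second UID-0 account and bob's direct sudo grant.
PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
svc_backup:x:0:1003::/var/backups:/bin/sh
www-data:x:33:33::/var/www:/usr/sbin/nologin
"""
GROUP = """root:x:0:
sudo:x:27:alice
wheel:x:10:
"""
SUDOERS = """Defaults env_reset
# bob was given unrestricted sudo without ever joining the sudo group
bob ALL=(ALL:ALL) NOPASSWD: ALL
%sudo ALL=(ALL:ALL) ALL
"""
ADMIN_GROUPS = {"root", "sudo", "wheel", "admin"}  # assumed admin group names


def inventory_privileged(passwd, group, sudoers):
    """Return {username: sorted reasons} for every account with root-level power."""
    found = {}

    def add(user, reason):
        found.setdefault(user, set()).add(reason)
    for line in passwd.splitlines():
        f = line.split(":")
        if len(f) >= 3 and f[2] == "0":
            add(f[0], "uid 0")  # any UID-0 account is root, whatever it is named
    members = {}
    for line in group.splitlines():
        f = line.split(":")
        if len(f) == 4:
            members[f[0]] = [m for m in f[3].split(",") if m]
    for g in ADMIN_GROUPS.intersection(members):
        for m in members[g]:
            add(m, f"member of {g}")
    for line in sudoers.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments before matching
        m = re.match(r"^(%?)([\w.-]+)\s+\S+=", line)
        if not m or m.group(2) == "Defaults":
            continue
        if m.group(1):  # %group rule: every member of that group inherits it
            for u in members.get(m.group(2), []):
                add(u, f"sudoers via %{m.group(2)}")
        else:
            add(m.group(2), "direct sudoers entry")
    return {u: sorted(r) for u, r in found.items()}
```

Running this over the sample data reports root, svc_backup, alice and bob, and the svc_backup entry is exactly the kind of hidden superuser that a regular audit is meant to surface.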

Of course, this ties into another key privileged access capability.

The Principle of Least Privilege

The Principle of Least Privilege describes a security value which states that users’ permissions should remain limited to the essentials. In this case, “essentials” refers to only what a user absolutely needs to perform their job functions. For example, the head of your finance department may have access to all financial databases, but no access to HR databases.

If a user needs more permissions, your enterprise should have a straightforward procedure for access requests. With proper identity security, you can evaluate the legitimacy of these access requests, grant temporary permissions, and remove them promptly.      

Additionally, the Principle of Least Privilege ties into a zero-trust policy. This states that you must always verify users but never trust them: in other words, you can never solely rely on one-time authentication. You can instead enact continual authentication, which helps ensure insider threats can’t bypass your monitoring simply because they hold valid credentials.
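The access-request flow and the "always verify" rule from the two paragraphs above, as an added example rather than code from the original article: standing entitlements stay minimal, any extra access is a time-boxed grant with a named approver, every check is re-evaluated against the clock, and an audit log records each decision. The BASELINE entitlements and the unix-time clock values are constructed for the demo.

```python
from dataclasses import dataclass, field

# Standing entitlements under least privilege (constructed sample).
BASELINE = {"finance_head": {"finance_db"}, "hr_lead": {"hr_db"}}


@dataclass
class Grant:
    user: str
    resource: str
    approver: str
    expires_at: int  # unix time; grants are time-boxed, never open-ended
    revoked: bool = False


@dataclass
class AccessBroker:
    grants: list = field(default_factory=list)
    log: list = field(default_factory=list)  # audit trail of every decision

    def request(self, user, resource, approver, ttl_seconds, now):
        """Approve a time-boxed grant; nobody may approve their own request."""
        if approver == user:
            raise PermissionError("self-approval is not allowed")
        g = Grant(user, resource, approver, now + ttl_seconds)
        self.grants.append(g)
        self.log.append((now, "grant", user, resource, approver))
        return g

    def revoke(self, grant, now):
        grant.revoked = True
        self.log.append((now, "revoke", grant.user, grant.resource, grant.approver))

    def check(self, user, resource, now):
        """Re-evaluate on every call: a yes from an earlier call is never cached."""
        allowed = resource in BASELINE.get(user, set()) or any(
            g.user == user and g.resource == resource
            and not g.revoked and now < g.expires_at
            for g in self.grants)
        self.log.append((now, "allow" if allowed else "deny", user, resource, None))
        return allowed

    def expire(self, now):
        """Housekeeping: drop grants that are expired or revoked."""
        self.grants = [g for g in self.grants if not g.revoked and now < g.expires_at]
        return self.grants
```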

Again, this ties into another feature of privileged access management.

Behavioral Analysis Combats Insider Threats

Behavioral analytics can also help defend against insider threats by recognizing when activities become suspicious. This technology uses machine learning to analyze user behaviors and establish a baseline of “normal” activity. As long as the user continues to operate according to this baseline, the system allows it. However, it recognizes deviations and abnormal behaviors and alerts your IT security team. Your IT team can then determine whether the user’s activities correspond to a new project or whether they represent an insider threat.
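A minimal, rule-based version of the baseline-and-deviation idea described above, added here as an illustration and not taken from the original article or any vendor product: a learning window of audit events establishes each user's usual hours, hosts and actions, and later events are scored against that profile instead of against a fixed rule set. Both log excerpts are constructed, and the one-hour tolerance on working hours is an assumed tuning choice.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample audit log ("timestamp user host action") used as the learning window.
HISTORY = """2019-09-02T09:12 alice db-fin01 query
2019-09-02T10:40 alice db-fin01 query
2019-09-03T14:22 alice db-fin02 query
2019-09-04T11:30 alice db-fin01 export
2019-09-02T08:50 bob hr-app01 login
2019-09-03T09:10 bob hr-app01 login
"""
# Constructed new events to score against the baseline.
NEW_EVENTS = """2019-09-05T10:15 alice db-fin01 query
2019-09-05T23:40 bob db-fin01 export
2019-09-05T09:00 carol hr-app01 login
"""


def parse(log):
    for line in log.strip().splitlines():
        ts, user, host, action = line.split()
        yield datetime.fromisoformat(ts), user, host, action


def build_baseline(log):
    """Per user: the hours, hosts and actions observed during the learning window."""
    base = defaultdict(lambda: {"hours": set(), "hosts": set(), "actions": set()})
    for ts, user, host, action in parse(log):
        base[user]["hours"].add(ts.hour)
        base[user]["hosts"].add(host)
        base[user]["actions"].add(action)
    return base


def score_event(base, ts, user, host, action):
    """Return the ways this event deviates from the user's baseline (empty = normal)."""
    prof = base.get(user)
    if prof is None:
        return ["no baseline for user"]
    reasons = []
    if all(abs(ts.hour - h) > 1 for h in prof["hours"]):  # allow +/- one hour drift
        reasons.append(f"unusual hour {ts.hour:02d}")
    if host not in prof["hosts"]:
        reasons.append(f"new host {host}")
    if action not in prof["actions"]:
        reasons.append(f"new action {action}")
    return reasons


def detect(base, new_log):
    """Alert on every deviating event; unreviewed events never update the baseline."""
    return [(user, reasons) for ts, user, host, action in parse(new_log)
            if (reasons := score_event(base, ts, user, host, action))]
```

On the sample data alice's daytime query passes silently, while bob's late-night export from a finance host he has never touched produces three separate reasons for the analyst to review.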

But we need to address the number one problem contributing to insider threats.  

Stop Allowing Shared Accounts

If you see this, stop this. Stop it immediately.

Users tend to share their passwords with each other to facilitate their work processes. As a result, your enterprise loses accountability and monitoring over those users, because a credential no longer identifies a single person.

Additionally, you need to consider whether users write down their passwords, either on paper or in documents. Even if your users don’t deliberately share their passwords, the unscrupulous can still exploit these exposures. After all, a written-down password sits out in the open.

Sharing passwords gives insider threats access to databases far beyond their normal capabilities. In fact, it causes problems with access control in general, making threat attribution a serious challenge.

Privileged access management discourages password sharing through several capabilities. First, it does so by enforcing multifactor authentication. Since multifactor authentication asks for multiple factors before granting access, employees can’t just use passwords to access each other’s accounts. Insider threats need to jump through many more hoops before achieving their malicious goals with multifactor authentication.

Second, privileged access management also passively encourages employees not to write their passwords down. Capabilities like password managers can automatically fill in passwords without breaking encryption; at the same time, they encourage more complex passwords and regular password rotation to prevent stagnation.

How to Learn More

Be sure to check out our 2019 Privileged Access Management Guide for more on preventing insider threats. We cover the key solution providers and their key capabilities. You can also check out our 2019 Identity Management Buyer’s Guide.


Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.