National Insider Threat Awareness Month: Well-Intentioned Insiders Can Sometimes Pose A Threat
Cybersecurity season is already here and September is National Insider Threat Awareness Month. We wanted to share some expert insights from Melody Ann J. Kaufmann, security specialist at Saviynt, for you to keep in mind. She touches on how insider threats originate not only from malicious insiders, but also from well-intentioned insiders that inappropriately or incorrectly utilize their privileged access.
She also describes how zero standing privilege environments can dramatically narrow the scope of an attack, outlining why it’s the first step that all organizations implementing a Zero Trust model must take. Read Melody's full commentary below:
“Large organizations spend an average of $17.92 million annually dealing with insider threats, according to a study by the Ponemon Institute. For years the principle of least privilege has been the de facto standard, but it still leaves security gaps. Insider threats originate not just from malicious insiders, but also from well-intentioned insiders that inappropriately or incorrectly utilize their privileged access. COVID-19 has catalyzed change throughout society, even reaching into how we secure against insider threats. Least privilege is giving way to the new paradigm of zero standing privilege. The zero standing privilege model mandates that all privileged access is time-limited and deeply monitored. Instead of having standing administrative-level accounts, zero standing privilege environments require access requests that elevate privileges temporarily and then automatically remove them after a set time period has elapsed. This dramatically narrows the scope of an attack in the following ways:
No insider has standing full administrative access to anything. This limits how much any single account can access and how much additional access could be self-granted.
Leveraging strong risk-based analysis of access requests helps to ensure that what users are accessing is not only acceptable for their job and roles but that it does not violate compliance requirements for the organization. This can be integrated with an automated human escalation of these requests to grant these special permissions when required or help alert to dangerous requests quickly.
When privileged access is granted, it goes through an analysis process to identify anomalous patterns such as requesting items outside of a normal role or requesting access at strange times. This can flag alerts that questionable behavior is occurring and allows for quick and efficient remediation.
Accidental launching of malware by a user or having their account compromised is less likely to run rampant throughout an environment as it did recently with Garmin and their mass ransomware infestation.
Zero standing privilege is a first step that all organizations implementing a Zero Trust model must take. Identity is the foundation of Zero Trust. Access requests are evaluated for appropriateness based on roles and permissions for an individual. Automation of this process through risk insights such as roles, peer usage, and group membership offers the most effective method of evaluating access risk. When risk-based metrics drive decision making, accurate analysis becomes the norm. Assessment accuracy is crucial to ensuring that compliance to appropriate regulations is not deviated from, and in the rare cases that it is, it is informed approvers that are making decisions based on comprehensive contextual identity information before allowing a temporary elevation of access.”
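The flow the commentary describes (time-limited elevation, automatic removal, and escalation of requests that fall outside a role or arrive at unusual hours) can be shown as a small access broker. This is an added example, not part of the commentary and not Saviynt's code; the role table, working hours, TTL ceiling and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample policy (assumed): privileges each role may request.
ROLE_ENTITLEMENTS = {"dba": {"db-admin"}, "sre": {"k8s-admin", "db-admin"}}
WORK_HOURS = range(7, 20)        # 07:00-19:59, an assumed definition of normal hours
MAX_TTL = timedelta(hours=4)     # assumed ceiling on any single elevation

@dataclass
class Grant:
    user: str
    privilege: str
    expires: datetime

@dataclass
class Broker:
    grants: list = field(default_factory=list)
    alerts: list = field(default_factory=list)

    def request(self, user, role, privilege, ttl, now):
        """Return 'granted' or 'escalated'; every grant carries an expiry."""
        reasons = []
        if privilege not in ROLE_ENTITLEMENTS.get(role, set()):
            reasons.append("outside-role")
        if now.hour not in WORK_HOURS:
            reasons.append("off-hours")
        if reasons:
            # Anomalous request: no automatic grant, route to a human approver.
            self.alerts.append((now, user, privilege, tuple(reasons)))
            return "escalated"
        # Clamp the requested window so no elevation outlives the ceiling.
        self.grants.append(Grant(user, privilege, now + min(ttl, MAX_TTL)))
        return "granted"

    def sweep(self, now):
        """Remove every elevation whose window has elapsed; return what was revoked."""
        expired = [g for g in self.grants if g.expires <= now]
        self.grants = [g for g in self.grants if g.expires > now]
        return expired

    def is_elevated(self, user, privilege, now):
        # Expiry is re-checked at use time, so a late sweep cannot extend access.
        return any(g.user == user and g.privilege == privilege and g.expires > now
                   for g in self.grants)
```
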