What’s trending in the cyber security industry? Identity Week sat down recently with Jonathan Sander, VP of Product Strategy at Lieberman Software and veteran cyber security expert, to discuss insider attacks, password security, and lessons learned from major data breaches.
Ponemon highlights a number of items that are absolutely excellent to focus on as a security program. However, nowhere on their list did they make room for truly preventative measures like securing privileged credentials.
We’ll likely never eliminate all security threats, but with a sound, layered cyber security approach we can reduce their impact. And when it comes to mitigating the risks of negligent insiders, organizations need to move beyond basic IT security training and look for ways to limit the damage.
The fact is, many of the organizations that are so fixated on perimeter security give implicit trust to anyone who walks through their doors. During my career in cyber security, I’ve seen pervasive administrative access granted to most anyone for anything. This in turn gave rise to the Terry Childs and Edward Snowden incidents…
According to data we’ve sifted from our survey of attendees at RSA Conference 2013, 45% of IT workers have snitched on co-workers they’ve caught breaking corporate IT rules or accessing sensitive company information they’re not authorized to see. Of course this means that most of the survey respondents – 55% – admit they’ve turned a blind eye to colleagues they’ve caught in these same acts.
I’ve been in the security software industry for many years and my company focuses on privileged identity management, so it kills me every time I get a call from a potential customer telling me that they suffered a breach because of a lack of common sense and need our help to get things back under control.
For argument’s sake, let’s say there is an individual in your workforce who is down on his luck and desperate enough to do something out of character. Your IT security measures keep your systems safe from him – don’t they? Let’s take a short quiz to see if you’re right.
A good way to begin limiting the insider threat is by making the almost paranoid assumption that every machine in the organization is compromised and every employee is malicious.
I recommend consulting with your IT department about how to handle BYOD. IT may hate the idea, but they have to deal with it in cooperation with senior management, and two-way communication is the key to solving this problem.
A recent post on Slashdot referenced our password security survey, which found that of the 300 IT professionals surveyed, 26 percent admitted to using their privileged login rights to look at confidential information they should not have had access to in the first place.