Insider threats and the misuse of privileged credentials

35% of IT professionals see themselves as the biggest internal security risk to networks within their organisation, according to new research from Balabit.

insider threats

Biggest insider risk

IT professionals may understand what their most valuable assets are, but they are still struggling to safeguard IT assets against the unpredictability of human behaviour.

Whilst HR and finance departments are the easiest target for social engineering, it is in fact IT staff who pose the biggest insider risk to networks, whether caused by accidental or intentional actions. This is largely due to IT staff often possessing higher access rights than other users. This includes access to business-critical data through the IT systems they manage and control, making them a prime target for cyber criminals.

The global survey, undertaken in the UK, US, France and Eastern and Central Europe, examines attitudes to insider threats and the misuse of privileged credentials.

Spotting malicious activity

From a security analytics perspective, 47% of IT professionals considered the time and location of login the most important user data for spotting malicious activity. This was closely followed by private activities using corporate devices (41%) and biometrics identification characteristics, such as keystroke analytics (31%). IT professionals are recognising the importance of capabilities which can detect the growing threat from insiders and compromised privileged accounts.

When asked which security technology they would implement in the next year, regardless of budget, nearly one fifth of security professionals said they plan to use analytics to track privileged user behaviour.

Within the privileged user network, IT professionals listed sysadmins as the biggest threat (42%) followed by c-level executives (16%). While these executives typically have limited IT skills, their credentials are worth more to hackers than any other group.

insider threats

Most valuable assets

The research also highlighted the most valuable assets for hackers and found that, unsurprisingly, personal employee data is the most valuable data (56%), as this can be easily sold. However, this is closely followed by customer data (50%) and investor and financial information (46%).

“As attacks become more sophisticated, targeted attacks and APTs more commonly involve privileged users inside organisations – often via hacks involving stolen credentials,” said Csaba Krasznay, Security Evangelist, Balabit. “Today, IT Security professionals’ tough job has become even tougher. It is not enough to keep the bad guys out; security teams must continuously monitor what their own users are doing with their access rights.”

“Privileged user accounts are perfect targets for intruders and therefore pose the highest risk. IT security professional need to quickly detect any suspicious or abnormal activities in order to prevent data breaches,” Krasznay continued. “The more user activity data that is analysed, the better. Knowing the time and location of login, and which applications and devices are in use is critical, but analysing the users’ keystroke dynamics and mouse movements is the feature that really makes enables security analysts to detect a hijacked account, usually within 20 seconds or 200 characters. And once they receive an alert based on a risk score, they can terminate the session if necessary.

Don't miss