Privileged credentials are the keys to the IT kingdom. That phrase has been repeated so much in recent years it’s bordering on marketing hyperbole. But there’s a reason it’s become part of the cybersecurity lexicon.
Privileged credentials grant access to install and administer programs, modify system configuration settings, and view data on machines throughout the network. Employees in IT and security are generally more likely than others in their organizations to have privileged access to manage IT resources. But with this elevated access comes the increased possibility of being able to access and view files they aren’t supposed to see. And that means users with privileged access are potential insider threat risks.
But is this a significant problem? How often does it occur? We set out to answer those questions in a survey we conducted among attendees at RSA Conference 2020, the popular annual even that attracts top IT security talent from around the world.
What did we learn in our RSA Conference Survey? 63% of those surveyed admitted to accessing company documents that have nothing to do with their job roles. When we looked at vertical specific data, this number rose to 78% in the manufacturing industry. Those are sobering numbers because they show that even knowledgeable cybersecurity professionals are likely to engage in the type of actions associated with insider threats
Of course, all functional organizations want to ensure that their workers can access the resources they need to efficiently do their jobs. The challenge comes in providing proper, audited access management and provisioning for each employee.
What typically happens in most organizations is that too many people end up with too much access to systems and applications that aren’t relevant to their roles. That means unauthorized individuals might have access into valuable resources they’re never supposed to see. This increases the possibility of critical information being stolen or leaked. And even if the employee does not intend to abuse his elevated access, it becomes a threat vector in and of itself if a cyber criminal compromises his account.
According to the Verizon Data Breaches Investigation Report, privilege misuse and errors by insiders account for 30% of overall breaches. That’s why analyzing the behaviors of employees with privileged access to identify actions indicative of insider threat risk is crucial for protecting sensitive data.
Too Many Shared Credentials
Given these findings, you may be wondering what other aspects of access are misused by IT security staff. Here’s what we discovered. About one in eight (16%) respondents are guilty of sharing their login credentials with coworkers . This figure spikes to 43% among retail workers.
Credentials are sometimes shared amongst groups for convenience. Even though this practice might make things easier, it’s still a risky action. Despite what we hear about the coming passwordless age, passwords and other credentials remain the most common way to verify identities to gain access to IT resources. And that’s why credentials – particularly privileged credentials – are coveted by criminals in almost every cyberattack and by malicious insiders who want to steal valuable data.
Password security – especially with regard to admin and other privileged passwords – is an integral element of a successful cybersecurity program. Frequently changing, unique and complex passwords are the best ways to thwart attackers. But these safeguards are irrelevant any time someone shares their login credentials with a coworker.
This is just a quick glimpse into the data from our RSA Conference survey. Get all the details on these findings, as well as other measured aspects of risky user behavior, by downloading our survey report What’s Your Risk Score?