It’s coming from inside the building! Organizations are beset by threats from all sides, but in reality the largest security vulnerabilities are internal, underestimated, and often unseen. Identity Automation CTO Troy Moreland explores different types of threats originating from employees themselves and identifies steps companies should take to mitigate the serious risks they pose.
11. Mitigation Steps
● Define risks
● Prioritize risks
● Recommend controls
● Prioritize control actions
● Select controls
● Implement control actions
● Review and refine control actions
12. Identify Threats and Define Controls
(1) Risk: Unauthorized users can telnet to XYZ server and browse sensitive data
(2) Risk Level: High
(3) Recommended Controls:
- Disallow inbound telnet
- Disallow world access to sensitive company files
- Disallow the guest or assign hard-to-guess password
(4) Action Priority: High
(5) Selected Controls:
- Disallow inbound telnet
- Disallow world access
- Disallow guest
(6) Required Resources: 10 hours to reconfigure and test the system
(7) Responsible Team/Person: John Doe, XYZ server admin; Jim Smith, firewall admin
(8) Start Date/End Date: 9-1-2010 to 9-2-2010
(9) Maintenance Requirement/Comments:
- Perform periodic system review and testing to ensure adequate security
15. “According to a report from the Identity Theft Resource Center the number of data breaches in 2014 increased 27.5 percent over the previous year.”
16. “In a recent USA Today article, Michael Bruemmer, vice president of consumer protection at credit information company Experian Consumer Services, pointed to a relatively unknown breach in Korea where a worker at the Korea Credit Bureau hacked into a database and stole 27 million records containing personal and credit card information.”
17. “JPMorgan Chase & Co., which has racked up more than $36 billion in legal bills since the financial crisis, is rolling out a program to identify rogue employees before they go astray, according to Sally Dewar, head of regulatory affairs for Europe, who’s overseeing the effort. Dozens of inputs, including whether workers skip compliance classes, violate personal trading rules or breach market-risk limits, will be fed into the software.”
18. Verizon 2014 Data Breach Investigations Report:
“61% of breaches were direct hacking
- Targeting individual accounts (Passwords hacked, privileges gained for authorized access)”
“18% of incidents were insider misuse:
- Inappropriate or malicious use of privileges”
19. “89% of employees retained access to at least one app from a former employer”
“66% had access to corporate data via cloud apps after they left the company”
“45% retained access to ‘confidential’ or ‘highly confidential’ data”
“49% logged into an account after leaving the company”
30. Insider Threats Risks
● Lack of access governance
● Manual identity provisioning/de-provisioning
● Existing access never removed
● Access campaigns too cumbersome
● Too many passwords and complex policies
● Limited use of multi-factor authentication
● Too many back door accounts
● ...
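The retained-access figures on slide 19 and the "existing access never removed" risk above can be measured in your own environment by reconciling HR separation records against application account exports. The Python below is an added example, not part of the presentation or of any Identity Automation product; the record layouts, usernames, applications and dates are constructed assumptions.

```python
from datetime import date

# Constructed sample data (assumed layouts, not from the presentation).
# HR separation records: username -> last day of employment.
HR_TERMINATIONS = {"asmith": date(2015, 3, 31), "bjones": date(2015, 5, 15)}
# Account export rows: (application, username, enabled, last_login or None).
ACCOUNTS = [
    ("crm", "ASmith", True, date(2015, 4, 20)),
    ("crm", "bjones", False, date(2015, 5, 14)),
    ("fileshare", "asmith", True, date(2015, 3, 30)),
    ("fileshare", "cdoe", True, date(2015, 6, 1)),
    ("vpn", "bjones", True, None),
]

def audit_deprovisioning(terminations, accounts):
    """Flag accounts of separated users that were never removed or were used
    after the separation date. Returns (application, username, finding)."""
    findings = []
    for app, user, enabled, last_login in accounts:
        user = user.lower()  # directory and application casing often differ
        term = terminations.get(user)
        if term is None:
            continue  # not a separated user
        if enabled:
            findings.append((app, user, "RETAINED_ACCESS"))
        if last_login is not None and last_login > term:
            findings.append((app, user, "POST_EXIT_LOGIN"))
    return findings

def summarize(terminations, findings):
    """Share of separated users with each finding, comparable to the
    per-employee percentages quoted on slide 19."""
    total = len(terminations)
    rates = {}
    for kind in ("RETAINED_ACCESS", "POST_EXIT_LOGIN"):
        users = {user for _, user, k in findings if k == kind}
        rates[kind] = len(users) / total if total else 0.0
    return rates

if __name__ == "__main__":
    found = audit_deprovisioning(HR_TERMINATIONS, ACCOUNTS)
    for row in found:
        print(*row)
    print(summarize(HR_TERMINATIONS, found))
```

Run on a schedule against real exports, the RETAINED_ACCESS rows become the de-provisioning work queue and the POST_EXIT_LOGIN rows go to incident review.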
40. Action Items
Next 30 Days
❏ Download this presentation
❏ Identify Insider Threats
Next 60 Days
❏ Define Controls to Mitigate Insider Threats
Within 6 Months
❏ Implement Control Actions (RapidIdentity)