Privileged IT users pose the greatest internal security risk
Written by staff reporter
More than a third of IT professionals (35%) see themselves as the biggest internal security risk to networks within their organisation, according to research from IT security firm Balabit.
Whilst HR and finance departments are the easiest target for social engineering, it is in fact IT staff who pose the biggest insider risk to networks, whether caused by accidental or intentional actions. This is largely due to IT staff often possessing higher access rights than other users, including access to business-critical data through the IT systems they manage and control, making them a prime target for cyber criminals.
The survey - carried out in the UK, US, France and Eastern and Central Europe - focused on attitudes to insider threats and the misuse of privileged credentials. From a security analytics perspective, 47% of IT professionals considered the time and location of login the most important user data for spotting malicious activity. This was closely followed by private activities using corporate devices (41%) and biometric identification characteristics, such as keystroke analytics (31%).
The research also highlighted the most valuable assets for hackers and found that, unsurprisingly, personal employee data is the most valuable (56%), as this can be easily sold. However, this is closely followed by customer data (50%) and investor and financial information (46%).
Csaba Krasznay, product manager at Balabit, said: “As attacks become more sophisticated, targeted attacks and APTs more commonly involve privileged users inside organisations – often via hacks involving stolen credentials. Today, IT security professionals’ tough job has become even tougher. It is not enough to keep the bad guys out; security teams must continuously monitor what their own users are doing with their access rights.”
He explained that privileged user accounts are perfect targets for intruders and therefore pose the highest risk, adding that IT professionals need to quickly detect any suspicious or abnormal activities in order to prevent data breaches. “The more user activity data that is analysed, the better. Knowing the time and location of login, and which applications and devices are in use is critical, but analysing the users’ keystroke dynamics and mouse movements is the feature that really enables security analysts to detect a hijacked account, usually within 20 seconds or 200 characters. And once they receive an alert based on a risk score, they can terminate the session if necessary.”