When most businesses think of security, the most they think about is a firewall between the corporate network and the Internet. The internal corporate network is often very open to make it easy for people to work. The firewall on the outside is kind of like a hard exterior with a squishy inside -- nice for a piece of candy, not so nice for the security of your data. In fact, the IT community has long debated whether the threat of an internal or external attack is of greater concern for companies.
Despite the lesser likelihood of being attacked by insiders, these "inside jobs" generally cause significantly more damage because the hackers have greater access. Case in point: The recent AshleyMadison.com hacking. This hack potentially exposed more than 37 million user account details and was an inside job. Internal attacks cost businesses in the U.S. $400 billion per year, according to a national fraud survey conducted by The Association of Fraud Examiners. Of that, $348 billion can be tied directly to privileged users.
Let’s define a privileged user – the dictionary says it is defined as: “a user who, by virtue of function, and/or seniority, has been allocated powers within the computer system, which are significantly greater than those available to the majority of users." For a lot of networks that we manage, we audit the user security and find several user accounts are granted full administrator rights. This is often done to the business owner’s user account among others. Seems to make sense, the owner should have full rights to everything on the network.
Whether these accounts are used for nefarious acts by the account owner or not, they certainly can be exploited by anyone else inside or OUTSIDE the company!
So what can you do to monitor and manage your privileged users at your company?
Security is your concern. On the networks we manage, we regularly review these points above to make sure our client’s networks aren’t too squishy. If you’d like us to check your network, give us a call at 954-920-9604 and we’d be happy to take a look and give you a bit of advice.