At the core of the privileged user problem is this dichotomy: With greater access to a company's computer assets comes greater security risk. The privileged user can be a company's security enforcer but also its greatest security risk.
Put another way, if a privileged user wants to do bad things, their elevated access to the company network makes it easier for them. But even a well-intentioned privileged user poses high risks. When a system administrator or network engineer with elevated access clicks on a malicious link, their greater access to the network makes company-wide damage far more likely than if an office manager without elevated access clicks on the same link.
The privileged user threat shows no signs of diminishing, in part because of economic pressures that have forced companies to try to do more with smaller staffs, leading to stressed-out employees who are likely to be more careless about their use of elevated access privileges. And in today's environment, companies have a greater responsibility to report data losses of all sizes, so data theft by privileged users on the inside attracts widespread attention, with significant negative impacts on the company's reputation and stock price.
It all adds up to a realization by companies that the biggest cyberthreat to their organization may not be from an external attack. The most serious threat may be from an unknowing "privileged user" colleague right down the hall.
Mitigating the risk
Survey respondents said the two biggest challenges companies face when addressing insider threats are having enough contextual information provided by security tools (69%) and security tools that yield too many false positives (56%). Endpoint monitoring and auditing tools allow visibility and context, alleviating these challenges.
Additionally, the best approach to mitigating privileged user abuse is to develop a comprehensive and layered strategy that implements best practices, involves process and technology, and most importantly, involves a better understanding of human behavior. It is a common myth among IT management staff that auditing privileged user activity is too difficult and complicated.
The truth is that privileged user auditing does not have to be a complicated technical challenge if the auditing and monitoring process is flexible, policy-based, and provides irrefutable attribution to a particular privileged user. The knowledge alone that an organization uses auditing and monitoring technology is a huge deterrent against privileged user abuse. Many studies have been done to help identify best practices for mitigating the risk of privileged user threats.
While there are a variety of tools that address different aspects of privileged user security, there is no single technology that fully mitigates the problem. Gartner identifies solutions used for privileged account management (PAM) as a set of technologies enabling enterprises to address these specific needs: