BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Insider Threats – Are They Just Human Nature?

Posted December 27, 2011    Peter McCalister

This week’s culprit of data misuse: Telstra, Australia’s leading telecommunications and information services company. It was reported that personal and account details of approximately one million customers were available on the Web – in plain sight for any Internet browser to see. While the mess is being called inadvertent, the potential damage to customers is the same, regardless if the breach was an accident.

On the other end of the spectrum from accidental insiders are intentionally malicious insiders. Even U.S. government entities are falling victim to these types of insider attacks. According to a recent CSO article, two employees at New Jersey Motor Vehicle Commission have been charged with identity theft after allegedly using their insider credentials to obtain personal identifiable information (name, addresses, social security numbers and dates of birth) of unsuspecting residents.

And also take into account that the Ponemon Institute along with HP just released a global survey titled “The Insecurity of Privileged Users” indicating that organizations continue to give too much user access to sensitive data. What a shock! The survey indicates that more than 60 percent of participants reported that privileged users access sensitive or confidential data out of curiosity, not job function. Human nature sometimes gets the best of us, and that should be reason enough for companies to make implementing least privilege a high priority.

Leave a Reply

Additional articles

IRS-Data-Breach

The tip of the IRS data breach – and it IS an iceberg

Posted May 27, 2015    Morey Haber

The IRS has been warned for decades about their security best practices. And now, at least 100,000 Americans have had their records compromised. How? The IRS uses a service called “Get Transcript”.

Tags:
, , ,
dave-shackleford-headshot

Tales from the Datacenter: Vulnerability Management Nightmares

Posted May 27, 2015    Dave Shackleford

Vulnerability scanning, threat management, risk analysis, patching, and configuration management are some of the major activities usually associated with vulnerability management, and none of these are new…so why are we failing so badly at many of them?

Tags:
, ,
Sudo_logo

Don’t Create a Different sudoers File for Each System

Posted May 20, 2015    Randy Franklin Smith

What if you have multiple Linux and/or Unix systems? Sudo management can become onerous and unwieldy if you try to manage a different sudoers file on each system. The good news is that sudo supports multiple systems.