BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Nefarious and Angry Employees Still a Primary Threat to Organizations

Post by Peter McCalister March 26, 2012

A new Ponemon study reports that the number of data breaches caused by malicious attacksincreased from 31 percent in 2010 to 37 percent in 2011, with malicious insiders being responsible for 33 percent of attacks. In the report Ponemon states, “We think about the evil hacker, which is pretty serious stuff, but in our study, we find that it’s really the malicious insider – someone who’s nefarious or angry at the organization – that presents the real danger to the company.”

The study also reports that 39 percent of data breaches in 2011 were caused by negligent insiders. When you combine the threats posed by malicious and negligent employees, organizations of all sizes have cause for concern.

The good news is there are steps that can be taken to secure the perimeter within:

• Implement privileged identity management policies to create boundaries that enable end users and applications to communicate freely within an IT environment without worry of intentional, accidental or indirect misuse of privilege
• Implement a least privilege strategy, granting users only standard rights, but permitting elevation of privileges as required to enable them to do their jobs effectively
• Secure and monitor passwords for the ability to track and log their use, while having visibility into the granular details about when someone logged in, the keystrokes they performed and the information they accessed

With the right combination of policies and strategies in place, organizations can mitigate the opportunity for an employee – whether malicious or negligent – to take a risky action in the first place.

Leave a Reply

Additional articles

BI-5.1-user-asset-visibility-img

Understanding Who Has Access to What with BeyondInsight v5.1

Today, it’s my pleasure to introduce you to BeyondInsight version 5.1, the latest release of our IT Risk Management platform, which unifies several of our solutions for Privileged Account Management and Vulnerability Management. BeyondInsight v5.1 embodies BeyondTrust’s mission to give our customers the visibility they need to make smart decisions and reduce risk to their…

Post by Morey Haber April 15, 2014
Tags:
, , , , , , , , , , , ,

PowerBroker for Unix & Linux Now Available via Web Services

This week BeyondTrust released a fully functional Web Services interface (REST API) for its PowerBroker for Unix & Linux product.  With this new feature users of the solution will now be able to remotely and securely configure and retrieve data via the API.  The Web Services interface implemented by BeyondTrust is an industry standard that…

Post by Paul Harper April 10, 2014
Tags:
, , , , ,

Heartbleed – When OpenSSL Breaks Your Heart

You’ve likely heard about the recent OpenSSL vulnerability, CVE-2014-0160, dubbed Heartbleed. The main takeaway of this vulnerability is that attackers can use this to obtain things like secret keys used for X.509 certificates, user names and passwords, instant messages, emails, and other highly sensitive information. For a technical analysis of the bug, check out this…

Post by BeyondTrust Research Team April 8, 2014
Tags:
, , ,