Depending on your generation (read “age”), you either know this as a classic David Bowie song and album (yes, vinyl did exist once) or an incrediblesong by Nirvana during their MTV Unplugged performance. Since I’m on a classic rock roll (pun intended) and just saw yet another article on an insider selling corporate assets, I thought I should write a bit more about the temptations of the “over privileged”.
Yep, it’s true: power corrupts and absolute power corrupts absolutely. That may be a bit cynical, but should you really trust your corporate IT assets to just any employee who could potentially decide either on their own or with the help of your competitor, to copy, damage or delete your data for fun and profit?
This is not as uncommon as you may think. According to the 2010 Data Breach Investigation Report by Verizon with the US Secret Service:
- 48% of all data breaches were caused by insiders, this is up 26% from 2009
- 48% also involved privilege misuse, and
- 98% of all data breaches came from servers
We have also reported extensively on examples ranging from Mozilla to Vodaphone. Linux.com published the Top Five Insider Attacks of the Decade and if that isn’t enough to scare you into implementing a privilege identity managment solution, eliminate admin rightsfrom desktops, servers, virtual and cloud environments and establish “least privilege” enterprise-wide, then nothing will.