
Managing Insider Threats

January 6, 2020

by Jasmine Chennikara-Varghese, Pathlock Technologies

Employees are perhaps one of the most challenging security risks in the modern business landscape. Insider threats come from authenticated and authorized users performing potentially damaging activities from within your trusted landscape. While keeping the bad guys out is critical, insider threats are harder to discern and occur even with the best security in place.

Who are these insiders? They are current or former employees or third-party users whose access into your critical systems, whether on-prem or in the cloud, is a security risk. The reality of having access to critical business systems makes their accounts vulnerable to compromise and privilege escalation by internal or external attackers. In many organizations, privilege escalation happens under the radar through privilege creep, whereby employees end up with more access than needed as they cycle through the organization with different job roles and responsibilities. Then there are third-party users such as vendors, customers or consultants who share accounts or require admin-level rights to perform certain activities on behalf of the organization. When their employment, contract, or project eventually ends, the access is often not terminated in a timely manner because there is no effective offboarding process, making departing insiders a significant risk.

A critical step towards containing insider threats is to understand your users and their access inside your applications. You need to know:

  • Are users being given the right privileges they need to complete their job responsibilities?
  • Are they using these privileges or entitlements in the applications as expected?
  • Is the access they are given excessive or no longer needed as job roles and organizational changes occur?
  • Is access locked for terminated users?
  • Are third-party user accounts or service accounts making your applications more vulnerable and exploitable?

Addressing the risk of insider threat requires a multi-pronged approach, including a compliant, auditable, automated process for managing and monitoring access.

  • Provisioning and deprovisioning based on a least-privilege model, granting access only as needed for the current job role.
  • Continuous tracking of assigned permissions to detect access risk violations.
  • Periodic user access reviews to verify required access, especially if those privileges are not being used or result in a segregation of duties or other access risk violation.
  • Continuous monitoring of user actions against critical data in the business application, whether on-premises or in the cloud, commercial or homegrown.
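
The checks listed above, sketched as a single access-review pass (an added example, not Pathlock's code or part of the original post). The users, roles, entitlements, the 90-day unused threshold and the segregation-of-duties rule are all constructed assumptions.

```python
from datetime import date

# Constructed sample data; all names, entitlements and dates are hypothetical.
TODAY = date(2020, 1, 6)
UNUSED_AFTER_DAYS = 90  # assumed review threshold
# Assumed segregation-of-duties rule set: pairs one user must not hold together.
SOD_CONFLICTS = [("create_vendor", "approve_payment")]

USERS = {
    "alice":   {"status": "active", "locked": False, "role": "ap_clerk"},
    "bob":     {"status": "terminated", "locked": False, "role": "ap_clerk"},
    "vendor1": {"status": "active", "locked": False, "role": "consultant"},
}
# Entitlements each role needs (least-privilege baseline).
ROLE_BASELINE = {"ap_clerk": {"create_vendor", "view_invoice"},
                 "consultant": {"view_invoice"}}
# (user, entitlement, last_used or None if never used)
GRANTS = [
    ("alice", "create_vendor", date(2019, 12, 20)),
    ("alice", "approve_payment", date(2019, 12, 30)),
    ("alice", "view_invoice", date(2019, 6, 1)),
    ("bob", "view_invoice", date(2019, 11, 1)),
    ("vendor1", "view_invoice", date(2020, 1, 2)),
    ("vendor1", "admin", None),
]

def review_access(users, grants, baseline, conflicts, today):
    """Return a sorted list of (user, finding, detail) tuples."""
    findings, held = [], {}
    for user, ent, last_used in grants:
        held.setdefault(user, set()).add(ent)
        info = users[user]
        if info["status"] == "terminated" and not info["locked"]:
            findings.append((user, "terminated_not_locked", ent))
        if ent not in baseline[info["role"]]:
            findings.append((user, "excess_privilege", ent))
        if last_used is None or (today - last_used).days > UNUSED_AFTER_DAYS:
            findings.append((user, "unused_privilege", ent))
    for user, ents in held.items():
        for a, b in conflicts:
            if a in ents and b in ents:
                findings.append((user, "sod_violation", f"{a}+{b}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review_access(USERS, GRANTS, ROLE_BASELINE, SOD_CONFLICTS, TODAY):
        print(finding)
```

In practice the grant and last-used data would come from the application's own entitlement and audit records, and the review would run on a schedule so that findings feed the deprovisioning process.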

Find out how Pathlock can help you mitigate insider threat by managing access rights and tracking user activities.