Columbia Sportswear suing its departing IT Senior Director after he created a dummy account on Columbia’s computer system and used it to access corporate data hundreds of times? Péter Gyöngyösi, Product Manager at Balabit commented below.
Péter Gyöngyösi, Product Manager at Balabit:
“Even though such stories don’t usually get as much publicity as large-scale data breaches, rogue insiders, departing or disgruntled executives and technology people have long been the nightmare of the security staff at any enterprise. This is reflected in the findings of research released by the Ponemon Institute last week who, after surveying security experts across the field, found that malicious and negligent insiders are considered the greatest sources of potential cybersecurity risk. It’s an especially hard problem to tackle as in most cases these employees need access to the data and systems they start to access fraudulently.
There are three steps that can be taken to prevent or significantly lower the likelihood and impact of such problems. The first step is to implement a bullet-proof auditing of who did what on the critical systems, in a way that not even sysadmins or executives are able to turn off. This by itself can have a deterrent effect — if one knows that they have no way to erase their traces they might think twice before committing fraud.
The second step is to control access to critical services in a managed way. Shared accounts, passwords that are known by everyone or direct access to the domain controller are disasters waiting to happen. It must be possible to revoke one’s access to every service within the organisation with a single click.
The third pillar should be the proactive monitoring and analysis of the activities of privileged users and privileged accounts. Behaviour analytics can help security teams find anomalous events and strange accounts, such as the one created by the departing IT Director in this case with the added benefit of also being able to find cases when internal accounts are hijacked by external attackers.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.