Increase in Privileged User malicious activity

  • Team Omega
  • May 10, 2012

Recent examples of privileged users with too much control misusing their access have led corporations to think twice about giving all rights to just one person. Many disastrous results can easily be avoided by having various checkpoints and monitoring in place.

If accidents are caused by privileged users, the effects can be less disastrous, and recovery can be made possible, when another person has been given similar high-level access privileges. Malicious activity should be watched for by monitoring these users, as well as by logging and by using policies to control different areas. Restricting their activities so that they have rights only to certain areas, and not to the entire range of networks and systems, can be helpful.

In spite of this, it is difficult to completely stop threats from insiders, since events can occur at the same time across different areas in different systems and applications. A deeper understanding of how things correlate is necessary. A limited number of employees need to delve deeper into the area of correlation. So, if one disgruntled privileged insider breaks loose, another person can step in to salvage the situation and minimize the effects of a disaster. To truly monitor privileged users, organizations will also need to be able to correlate events, providing deeper insight into their dependencies.
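As an added illustration of the correlation described above (not code from the original post), the sketch below groups one privileged account's activity across several systems into time-bounded bursts and reports only the bursts that span more than one system. The account names, source names, actions and the 15-minute window are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from three hypothetical sources, already
# normalized to (timestamp, source system, privileged account, action).
EVENTS = [
    ("2012-05-10T02:11:05", "directory", "adm_jlee", "added self to group db-admins"),
    ("2012-05-10T02:13:40", "database", "adm_jlee", "bulk export of customers table"),
    ("2012-05-10T02:19:02", "fileserver", "adm_jlee", "audit log deleted"),
    ("2012-05-10T09:30:00", "database", "adm_mroy", "schema migration"),
    ("2012-05-10T14:02:10", "directory", "adm_mroy", "password reset for user 1042"),
    ("2012-05-10T16:45:00", "fileserver", "adm_jlee", "backup job started"),
]

def correlate(events, window=timedelta(minutes=15), min_sources=2):
    """Return per-account bursts of activity that span several systems.

    A burst is a run of one account's events in which each event follows
    the previous one within `window`. Only bursts touching at least
    `min_sources` distinct systems are reported.
    """
    by_user = defaultdict(list)
    for ts, source, user, action in events:
        by_user[user].append((datetime.fromisoformat(ts), source, action))

    findings = []
    for user, items in sorted(by_user.items()):
        items.sort()
        burst = [items[0]]
        for item in items[1:] + [None]:  # trailing None flushes the last burst
            if item is not None and item[0] - burst[-1][0] <= window:
                burst.append(item)
                continue
            sources = sorted({src for _, src, _ in burst})
            if len(sources) >= min_sources:
                findings.append({
                    "user": user,
                    "start": burst[0][0],
                    "end": burst[-1][0],
                    "sources": sources,
                    "actions": [action for _, _, action in burst],
                })
            if item is not None:
                burst = [item]
    return findings

if __name__ == "__main__":
    for f in correlate(EVENTS):
        print(f["user"], f["start"], "->", f["end"], f["sources"])
        for action in f["actions"]:
            print("   ", action)
```

None of the three events in the reported burst stands out in its own system's log; the sequence only becomes visible once the sources are merged per account.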

These precautions are not only absolutely necessary for data security but are also mandated by security standards. Choosing to ignore them could mean the loss of business intelligence, customer information and possibly your entire business.