Understanding Permission Aggregation and Insider Threats
Insider threats are a growing concern for any large corporation. In 2016, 40% of successful breaches were attributed to outsiders, but 37% were attributed to insiders. By those numbers, attacks from employees, vendors and corporate contractors are nearly as common as attacks from outside the organization. Insider threats range from simple employee negligence to malicious theft of data by an employee. Even when data is lost through an honest mistake, it can cost thousands in penalties. One major reason these attacks succeed is that permissions accumulate over an employee's career instead of being set, and kept, on a "need-to-know" basis.
The Concept of Need-to-Know Access
You've probably seen television shows where confidential information is leaked by an insider. Real-world insider incidents look much the same: someone with legitimate access to a document or data set retrieves it, stores it, and sends it to a third party. Confidential information should be accessible only to the people who need it to do their jobs.
How do IT staff determine who needs to know? Usually a manager or executive who "owns" the data signs off on permissions. They confirm that the person being granted access needs it to perform their job function. By signing off, the manager takes ownership of that grant and of the ongoing question of who should have access to that data.
When every permission on the list has a manager who owns it, you have a paper trail to follow should the user change roles or leave the company. It also takes the decision away from an IT administrator, who typically does not know who should have access to what data.
Permission aggregation becomes a security issue when users move from position to position within the company and none of their earlier permissions are revoked. Access to another division's data is left intact. This breaks the "need-to-know" standard: once an employee moves to a different position, they no longer need the data from the previous one.
Some users change positions several times within the organization. This happens mostly in large enterprises, which have several layers of data, and that data is often far more sensitive than in smaller organizations.
After several moves across the enterprise, the employee has aggregated permissions spanning multiple divisions, which can amount to access to almost the entire library of data, worth millions to the right buyer. This habit leaves the organization exposed to severe insider risk should the user, negligently or maliciously, copy that data and send it to a third party.
It's also not uncommon for employees to share passwords and other credentials, which lets one employee reach data under another's identity. Beyond enabling insider threats, this makes them hard for security to attribute, because the audit trail points at the wrong person.
How Do You Handle Permission Aggregation?
Instead of adding permissions without ever revoking them, re-evaluate the employee's existing permissions each time they move to a different position. Review every current permission on a "need-to-know" basis and revoke any that the new position does not require. The review should involve IT, security, and both the current and former managers of the employee, since the former manager owns the data being given up and the current manager owns the data being granted.
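The following Python script is an added example, not GateKeeper's code or anything from the original article. It models the review described above and the aggregation pattern described earlier: each role has an owner-approved set of entitlements, each entitlement has a manager who signs off on it, and a user who has moved roles without cleanup holds entitlements beyond what the current role needs. The script computes that excess, routes each revocation to the owning manager so the paper trail is kept, flags users whose access spans more than one division, and surfaces entitlements no role maps to (an "unassigned" owner) rather than silently ignoring them. Role names, entitlement names, owner names and the sample users are all constructed for illustration.

```python
"""Access-review helper for permission aggregation (added example, constructed data)."""
from dataclasses import dataclass, field

# Constructed: each role maps to the entitlements its data owner approved for
# that job function. Entitlement names follow "<division>-<resource>-<rw|ro>".
ROLE_ENTITLEMENTS = {
    "finance-analyst": {"finance-ledger-ro", "finance-reports-ro"},
    "hr-generalist": {"hr-personnel-rw", "hr-payroll-ro"},
    "eng-developer": {"eng-source-rw", "eng-ci-ro"},
}

# Constructed: the manager who signs off on each entitlement. Revocations are
# routed to this owner so every change keeps the same paper trail as the grant.
ENTITLEMENT_OWNER = {
    "finance-ledger-ro": "cfo",
    "finance-reports-ro": "cfo",
    "hr-personnel-rw": "hr-director",
    "hr-payroll-ro": "hr-director",
    "eng-source-rw": "vp-eng",
    "eng-ci-ro": "vp-eng",
}


@dataclass
class User:
    name: str
    current_role: str
    entitlements: set = field(default_factory=set)


def required_for(role):
    """Entitlements the current role actually needs (empty for an unknown role)."""
    return ROLE_ENTITLEMENTS.get(role, set())


def excess_entitlements(user):
    """Entitlements held that the current role does not require: the aggregation."""
    return user.entitlements - required_for(user.current_role)


def divisions_spanned(entitlements):
    """Division is the prefix before the first '-' (naming convention assumed)."""
    return {e.split("-", 1)[0] for e in entitlements}


def revocation_plan(user):
    """Group excess entitlements by owning manager for sign-off.

    An entitlement with no known owner is a finding in itself: it lands under
    'unassigned' so someone has to claim it rather than it being overlooked.
    """
    plan = {}
    for ent in sorted(excess_entitlements(user)):
        owner = ENTITLEMENT_OWNER.get(ent, "unassigned")
        plan.setdefault(owner, []).append(ent)
    return plan


def review(users, max_divisions=1):
    """Return a finding for every user with excess access or cross-division reach."""
    findings = []
    for u in users:
        excess = excess_entitlements(u)
        spanned = divisions_spanned(u.entitlements)
        if excess or len(spanned) > max_divisions:
            findings.append({
                "user": u.name,
                "excess": sorted(excess),
                "divisions": sorted(spanned),
                "plan": revocation_plan(u),
            })
    return findings


def move_user(user, new_role):
    """Apply the 'revoke on move' rule: the user keeps only the new role's set."""
    user.current_role = new_role
    user.entitlements = set(required_for(new_role))
    return user


# Constructed sample population.
SAMPLE_USERS = [
    # Moved finance -> HR -> engineering with no revocation: classic aggregation.
    User("alice", "eng-developer", {
        "finance-ledger-ro", "finance-reports-ro",
        "hr-personnel-rw", "hr-payroll-ro",
        "eng-source-rw", "eng-ci-ro",
    }),
    # Never moved; holds exactly what the role needs.
    User("bob", "hr-generalist", {"hr-personnel-rw", "hr-payroll-ro"}),
    # Holds an entitlement no role maps to; needs an owner decision.
    User("carol", "eng-developer", {"eng-source-rw", "eng-ci-ro", "legacy-share-rw"}),
]

if __name__ == "__main__":
    for finding in review(SAMPLE_USERS):
        print(finding)
```

Running the script reports alice (four excess entitlements split between the CFO and the HR director, access across three divisions) and carol (one unowned entitlement), and says nothing about bob. In a real deployment the role and owner tables would come from the HR system and the IdP rather than being hard-coded, and the `max_divisions` threshold would be tuned per organization.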
Revoking permissions on every move prevents aggregation from building up in the first place. It also limits the damage from shared or stolen credentials: anyone who obtains the employee's login can reach only what the current role needs, not everything the employee has ever been granted.
To safeguard your organization from insider threats from unlocked desktops, GateKeeper can help.