10 people who are your top security risks
Data leaks can occur in unexpected ways, and these roles may represent gaps in your organization’s security.
Roles within an organization that pose the largest vulnerabilities
For many organizations, the greatest risks to data security are found on the inside. Prime suspects are employees and contractors with “privileged user” access. Here’s a rundown from security firm Bomgar of the people in healthcare organizations who could be the weakest links in your security.
Beware the privileged user
“Privileged users are one of the most valuable targets for hackers looking to gain access to sensitive information,” explains Sam Elliott, director of security product management at Bomgar. “While companies are aware of this, providing security around these types of users without limiting their ability to do their jobs effectively is difficult.
“Another aspect to consider is that even companies with a sophisticated security strategy don’t have a great grasp on how to define who represents a ‘privileged’ user. This is true both in the private and public sectors, including the healthcare industry. In fact, the recent Congressional report investigating the Office of Personnel Management data breach, which leaked data on more than 22 million people, stated, ‘users inside a network are no more trustworthy than users outside a network.’”
Protecting your data
Access to sensitive data by privileged users continues to represent the most vulnerable weakness in corporate security strategies. “Companies aren’t spending enough time or planning on ensuring that individuals have access only to exactly the information they need to do their jobs,” Elliott says. “Meanwhile, hackers are getting better at impersonating legitimate individuals with legitimate credentials, so users should be constantly vetted to ensure that their access doesn’t go deeper into the network than it needs to.”
Enterprises should audit their users to help identify privileged users and determine appropriate access controls. In this slideshow, Bomgar identifies 10 surprising types of users who could be considered as having privileged access in an organization.
“In many organizations, executive assistants may hold lots of keys,” Elliott notes. “Often, they are allowed access to sensitive information on executives, processes and systems such as log-in information, financial information and high-level files. This makes them valuable targets for outside threats.”
Social media administrator
“Because a social media administrator is frequently online and public-facing, information about them may be readily visible on networks like LinkedIn,” Elliott explains. “Cybercriminals may seek access to a company by posing as a social media administrator who claims to need access to a system or other information.”
A former employee or vendor
“One of the most common failings facing organizations across all sectors, with healthcare being especially vulnerable, is eliminating access to systems once an employee or vendor relationship has ended,” Elliott says. “Without closing off this access, companies are vulnerable to an attack. A best practice is to eliminate these profiles to reduce the attack surface.”
New IT administrator
“Hackers can be surprisingly sophisticated, searching online to perform social engineering before attempting to gain access,” according to Elliott. “A new IT administrator that is unfamiliar with protocols and processes could be highlighted as a target by outsiders seeking to exploit the lack of domain knowledge to trick them into providing access.”
“Many enterprises, especially large ones, rely on a complex system of vendors to conduct normal business operations,” Elliott explains. “As seen in several high-profile hacks, when these vendors are given direct access via VPN to the systems that they manage, that access can provide a gateway for hackers. Enterprises should ensure their vendors are only granted limited, controlled access.” Healthcare organizations commonly have many dozens if not hundreds of vendors.
“Layered security often requires integration or support from various security providers,” Elliott points out. “Since they’re likely to be given access credentials and the ability to move around a network, companies should take the time to audit these providers to assess how strong their own security really is before engaging with them.”
“In retail and other service industries, certain time periods introduce seasonal and part-time employees, including within IT,” Elliott says. “They are often provided temporary access to online systems like payroll and other portals where data is held, and may also be provided hardware such as laptops or mobile devices. These employees should be treated with the same security safeguards as any other workers.”
Chief executive officer
“Earlier this year, the FBI estimated that sophisticated scams targeting CEOs have cost companies $2.3 billion in losses in the last three years alone,” Elliott says. “These types of attacks on CEO credentials and information show that outside attackers will go after both the very top and the very bottom of an organization.”
“With more information being moved to the cloud, those that manage cloud infrastructure are increasingly important privileged users,” Elliott says. “Whether building an architecture or managing a cloud platform, or governing data, these individuals will have deep and wide access to a company’s information, making them potentially lucrative to hackers.” For instance, the healthcare sector is increasingly adopting cloud infrastructures.
Company charity organizer
“As seen in the JP Morgan Chase hack of 2014, attackers never lack in creativity,” Elliott stresses. “Many large and small charitable organizations affiliated with a corporation or corporate sponsor may be provided access to employee databases, or be the holders of valuable information on employees that have participated in charitable drives or functions.”