Five Steps to Preventing Insider Data Breaches - Slide 5

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7
Next Five Steps to Preventing Insider Data Breaches-5 Next

Up to 80 percent of system breaches are caused by internal users, including privileged administrators and power users, who accidentally or deliberately damage IT systems or release confidential data assets, according to a Cyber-Ark survey.

Many times, the accounts leveraged by these users are the application identities embedded within scripts, configuration files, or an application. The identities are used to log into a target database or system and are often overlooked within a traditional security review. Even if located, the account identities are difficult to monitor and log because they appear to a monitoring system as if the application (not the person using the account) is logging in.

These privileged, application identities are being increasingly scrutinized by internal and external auditors, especially during PCI- and SOX-driven audits, and are becoming one of the key reasons that many organizations fail compliance audits. Therefore, organizations must have effective control of all privileged identities, including application identities, to ensure compliance with audit and regulatory requirements.

Mismanagement of processes involving privileged access, privileged data, or privileged users poses serious risks to organizations. Such mismanagement is also increasing enterprises’ vulnerability to internal threats that can be caused by simple human error or malicious deeds.

According to a Computing Technology Industry Association (CompTIA) survey, while most respondents still consider viruses and malware the top security threat, more than half (53 percent) attributed their data breaches to human error, presenting another dimension to the rising concern about insider threats.  It should serve as a wake-up call to many organizations that inadvertent or malicious insider activity can create a security risk.

To significantly cut the risk of these insider breaches, enterprises must have appropriate systems and processes in place to avoid or reduce human errors caused by inadvertent data leakage, sharing of passwords, and other seemingly harmless actions.

Adam Bosnian, vice president of products and strategy at Cyber-Ark Software, offers the following best practices for organizations serious about preventing internal breaches, be they accidental or malicious, of any processes that involve privileged access, privileged data or privileged users.

More Slideshows:

14 Tips for a Successful IT Infrastructure Library (ITIL) Implementation Overcome resistance to the structure imposed by ITIL implementation.

Eight Steps to Organizational Effectiveness Discover what being an effective organization really means and how you go about creating one.


Smart Grid: A Closer Look at Potential and Obstacles Review key components of the smart grid and the obstacles facing this massive undertaking.

 

Related Topics : Application Security, IT Process Management, Six Sigma

 
More Slideshows

Five9RemoteEmployees0x 5 Best Practices to Enable Remote Workers

Recent years have seen a significant increase in the remote workforce as developments in technology have given employees the freedom to work anywhere, anytime. ...  More >>

DataM62-190x128 10 Steps for a Proper Data Governance Plan

Establishing a digital governance plan can be a challenge, but with the right education and tools, the job can be made a lot simpler. ...  More >>

DynCloudInternetVisibility0x 8 Reasons the Enterprise Needs More Visibility into the Cloud

IT executives need the right tools to monitor and control their cloud infrastructure to maximize the positive impacts and mitigate security threats. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.