Internal users pose severe threat to public sector networks

Chicago (IL) – A recent study by Cyber-Ark Software indicates that 80 percent of system breaches in public sector networks are caused by internal users.

“Mismanagement of privileged identities poses serious risks to organizations – in both the public and private sectors – leaving them vulnerable to threats that can be nefarious in nature, or simply caused by human error,” explained Cyber-Ark CEO Udi Mokady. “Additionally, these privileged accounts are increasingly scrutinized by auditors, and are becoming one of the key reasons that many organizations fail compliance audits. Therefore, agencies must demonstrate more effective control over who has access to powerful privileged accounts and what activities occur during those privileged sessions.”

According to Cyber-Ark, user accounts are often neglected, while session activities can be difficult to monitor due to their anonymous nature. In addition, privileged passwords may be hard coded inside applications, scripts and parameter files, leaving them unsecured, rarely changed and overly visible.

However, the risk of internal data misuse can be significantly mitigated by implementing policies that offer special treatment for privileged identities. Indeed, Cyber-Ark has expressed its support for the newly-proposed Consensus Audit Guidelines which stipulate automated and continuous control of administrative privileges.

“We think the Consensus Audit Guidelines are a good, much needed step to help prioritize security strategies for government agencies. Clearly not a problem for the private sector alone, the threat of the insider is very real and can have a devastating impact in the public sector when you start thinking about the bigger picture,” Adam Bosnian, VP of Cyber-Ark’s products and strategy, told TG Daily. “With generic or anonymous passwords that lead to often un-monitored and un-traceable application access, privileged users can be in a position where they hold all the IT power. This can be a great thing for administrators’ job security, but not for CIOs who need to be able to answer to auditors and tax payers.”

Cyber-Ark also recommended that government agencies closely examine how powerful privileged accounts, such as those with carte blanche access to critical networks, systems and applications, are being monitored and controlled.

“Government agencies can improve security controls around privileged accounts via encryption, password protection and auditing of system access. They can ensure that administrative and application identities and passwords are changed regularly, highly guarded from unauthorized use and closely monitored, including full activity capture and recording,” the company said in a statement.

It should be noted that a number of Cyber-Ark’s products were recently added to the US Government Services Administration (GSA) Schedule, including Privileged Identity Management Suite v5.0 and Managed File Transfer solutions.