Privilege Misuse a Highlight in the 2016 Verizon DBIR
by Sam Elliott|
Verizon’s annual Data Breach Investigations Report for 2016 is now out, and it highlights some dangerous trends facing today’s businesses and governments. With more than 100,000 incidents and 2,000 breaches analyzed, Verizon has captured a holistic view of the state of global cybersecurity.
The 2016 report highlights long-standing vulnerabilities around privileged access misuse and exploitation. Top industries affected include healthcare, finance, and the public sector – three sectors with extremely sensitive and lucrative data. And not only do these privileged access vulnerabilities target sensitive data, they are, “likely to take months or years to discover,” with intruders often lurking inside a network for extended periods of time to obtain information.
According to Verizon, privilege misuse accounted for over 15 percent of all incidents, second only to “miscellaneous errors.” When it comes to full-scale breaches, privilege misuse accounted for the cause of almost 10 percent.
The report also found that 77 percent of those privilege misuse breaches involved an internal actor. It’s important to note that the privilege misuse breaches are not always the result of a malicious former employee or disgruntled worker, but often stem from carelessness and lack of awareness regarding sound IT protocol.
Additionally, Verizon’s data shows that insider and privilege misuse has been a consistent problem over the past six years that isn’t going away, accounting for close to 15 percent of breaches each year since 2010.
What steps can organizations take to manage this persistent issue?
As the data shows, most organizations struggle to limit their exposure to cyber attacks that stem from exploited privileged user credentials. From IT administrators, to help desk agents, to external vendors, the number of people with privileged access is often unknown and difficult to manage. Without the ability to granularly control access and establish an audit trail of who is doing what on a network, organizations cannot protect themselves from this vulnerability.
Third-party vendors are a particularly dangerous set of privileged users since they are outside the company’s security policies and practices. Bomgar’s recent Vendor Vulnerability research found 81 percent of respondents admitted that high profile data breaches, such as the 2013 attack on Target, have increased their awareness of the need for better third-party vendor controls. Yet only 35 percent are confident they know the exact number of vendors accessing their IT systems. The research also reveals that on average 89 third-party vendors access a typical company’s network each week, and that number is likely to grow.
It is only when access is secured that organizations are able to limit their vulnerability related to privileged misuse.