The AshleyMadison.com hacker attack potentially exposes more than 37 million user account details and is possibly an inside job. If it is an inside job, as CEO Noel Biderman claims, then there’s not much the best security practices can do to prevent it. According to the 2015 Vormetric Insider Threat Report, 40% of organizations experienced a data breach or failed a security compliance audit in the last year. Globally, 89% feel at least somewhat vulnerable to insider attacks and 34% feel very or extremely vulnerable.
It’s especially disturbing to note that 55% of the respondents in the Vormetric study stated that privileged users posed the biggest internal threat to data and assets. A study conducted by The Association of Certified Fraud Examiners stated that internal attacks cost United States businesses $400 billion per year.
Privileged users, who often work unhindered by standard security rules, are responsible for system sabotage, data theft, asset theft, bad code injections, malware introduction, using unauthorized hardware and software, and accidents.
“At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act. Any and all parties responsible for this act of cyber-terrorism will be held responsible. Using the Digital Millennium Copyright Act (DMCA), our team has now successfully removed the posts related to this incident as well as all Personally Identifiable Information (PII) about our users published online.”
One of the reasons given by the Impact Team hacking group for the attack, other than the obvious rail against infidelity, is that the $19 fee paid by customers to have their profiles completely erased is a lie. The full delete doesn’t happen. This epiphany could only come from someone who knew the system well enough to reveal that “secret.”
If the Ashley Madison breach were truly the work of an insider or a former employee, it wouldn’t be a surprise to security professionals and researchers, who will tell you that it happens a lot. Numbers vary, but some security researchers estimate that more than 60% of all security events originate from inside the corporate network. AshleyMadison.com is no exception. Even with the best safeguards in place and security scans of your external network and website, a single rogue privileged user can cause more harm with less effort than the best hacking team on the Internet. The reason is that he or she has access to everything without restraint.
In November 2009, T-Mobile released information that an employee in the UK stole and sold millions of customer records to data brokers, resulting in the UK’s largest data breach to date. There are many other stories of privileged users creating logic bombs that destroy data, disable monitoring, and lock out users from critical systems, but the common link among all of them is that the privileged users who commit the abuse work without any kind of security controls or restrictions.
A privileged user is one who has more authority and more access through permissions or job role than ordinary users. Examples of privileged users are System Administrators, Network Administrators, Security Administrators, Domain Administrators, SAN Administrators, and Help Desk personnel.
Some industry experts suggest implementing privileged account management best practices such as separation of duties, least privilege, strict password policies, account management policies, and user activity monitoring to help prevent privileged insider threats and breaches. There is, however, a certain amount of trust that employers have to afford their privileged users. Someone has to carry the keys to the kingdom no matter how many checks and balances you have in place.