With data breaches seemingly a daily occurrence, it shouldn’t surprise us that 80 percent of breaches involve the exploitation of privileged access. This interesting information came to us from Gov Info Security in their article, “Changing the Conversation About Privileged Access.”
Recent research indicates that in several high-profile breaches, including those affecting Anthem, Sony and Home Depot, a criminal took advantage of privileged credentials to illegally gain access to a corporate system.
One would think that controlling employee/vendor access would be easier than preventing foreign bodies from breaching the system. However, managing privileged access is a much bigger and more complex job now than it was even just a few years ago.
It is important to point out that exploiting privileged access does not always mean an employee willfully and intentionally participated in a data breach. The most common, easy, and low cost method used to steal access and other sensitive information from employees and other system users is by sending a fake email asking potential victims to click a URL and fill out a form on a fake website or click on attachments and links which download malware onto the users’ computing devices leading to unauthorized access.
Melody K. Smith
Sponsored by Access Innovations, the world leader in taxonomies, metadata, and semantic enrichment to make your content findable.
