Using User Access Management to Defend Against Insider Threats

According to the SolarWinds 2019 Cybersecurity Survey, cybersecurity threats are increasing—particularly the threat of accidental data exposure from people inside the agency. According to the survey, 56% of respondents said the greatest source of security threats to federal agencies is careless and/or untrained agency insiders; 36% cited malicious insiders as the greatest source of security threats. Nearly half of the respondents—42%—say the problem has gotten worse or has remained a constant battle. According to the survey, federal IT pros who have successfully decreased their agency’s risk from insider threats have done so through improved strategy and processes to apply security best practices. While 47% of respondents cited end-user security awareness training as the primary reason insider threats have improved or remained in control, nearly the same amount—45%—cited network access control as the primary reason for improvement, and 42% cited intrusion detection and prevention tools. The lesson here is good cyberhygiene in the form of access management can go a long way toward enhancing an agency’s security posture. Certain aspects of access management provide more protection than others and are worth considering.

Visibility, Collaboration, and Compliance

Every federal IT security pro should be able to view permissions on file servers to help identify unauthorized access or unauthorized changes to more effectively prevent data leaks. Federal IT pros should also be able to monitor, analyze, and audit Active Directory and Group Policy to see what changes have been made, by whom, and when those changes occurred. One more thing: be sure the federal IT team can analyze user access to services and file servers with visibility into privileged accounts and group memberships from Active Directory and file servers. Collaboration tools—including SharePoint and Microsoft Exchange—can be a unique source of frustration when it comes to security and, in particular, insider threats. One of the most efficient ways to analyze and administer SharePoint access rights is to view SharePoint permissions in a tree structure, easily allowing the user to see who has authorized access to any given SharePoint resource at any given time. To analyze and administer Exchange access rights, start by setting up new user accounts with standardized role-specific templates to provide access to file servers and Exchange. Continue managing Exchange access by tracking changes to mailboxes, mailbox folders, calendars, and public folders. Finally, federal IT pros know while managing insider threats is of critical importance, so is meeting federal compliance requirements. Choose a solution with the ability to create and generate management and auditor-ready compliance reports showing user access rights, as well as the ability to log activities in Active Directory and file servers by user.

Conclusion

There are options available to dramatically help the federal IT security pro get a better handle on insider threats and go a long way toward mitigating risks and keeping agency data safe. Find the full article on our partner DLT’s blog Government Technology Insider.