With the release of the film "Snowden," Phoenix-based security company BeyondTrust reviewed common security weaknesses that organizations shared with the 2013 U.S. classified information breach, especially in the use of privileged credentials.
"Regardless of the film's historical accuracy, the fact is Snowden was an administrator, he was a trusted insider and he used various insider techniques to steal a ton of data," Morey Haber, vice president of technology at BeyondTrust, said.
"No one monitored the administrator," Haber said. Snowden used demonstrated weaknesses in cybersecurity defense to hack his own workplace: he leveraged unmonitored privileged access to copy and exfiltrate sensitive information, and caused significant damage with the data.
"Almost all of the recent breaches started with someone on the outside that became inside," Haber pointed out. "Snowden is the exception because he was the insider that made it actually happen."
Inside or outside, hackers take advantage of people being admins to do nefarious work, Haber pointed out. "Since they are an administrator and using administrator credentials, no one is monitoring the big brother."
BeyondTrust, which provides tools to limit privilege abuse, explained that when an application or task requires administrator privileges to operate (like changing the computer's time/date or installing software), there are two choices. The first is the traditional approach: give the user a username and password for an administrator account to perform the work. Users either log in with those credentials or specify them for the application itself. Both options expose the credentials to theft through techniques like pass the hash or keystroke logging. The second, preferred approach is to change the privileges of the application or task itself, so that no real administrator credentials are used.
BeyondTrust's recent Privilege Benchmarking Study surveyed nearly 550 executives involved in privileged access management. There were two response-based tiers, with top companies distinguishing themselves as far better prepared to mitigate data breaches. Ninety-one percent of top-tier companies are also more likely to conduct vulnerability assessments, compared to just 20 percent of bottom-tier organizations. Highly regulated industries such as financial and healthcare fell into the high end, but manufacturing and education need lots of help in this area.
BeyondTrust suggested five quick steps to improve a privileged access management strategy:
1. Be granular: Implement granular least privilege policies to elevate applications, not users.
2. Know the risk: Never elevate an application's privileges without understanding known vulnerabilities.
3. Augment technology with process: Reinforce enterprise password-management hygiene with policy and an overall solution. Require regular password rotation and centralize the credential management process.
4. Take immediate action: Real-time monitoring and termination capabilities can mitigate a data breach as it happens.
5. Close the gap: Integrate solutions across deployments to reduce cost and complexity, and improve results. Look for broad solutions that span multiple environments and integrate with other security systems.