When outsiders become insiders

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By John Walsh
 

Connecting state and local government leaders

By John Walsh

|

Once an agency network is breached, a determined hacker becomes an insider, so the security mechanisms in place to mitigate the damage are critical.

No matter how much money agencies can spend on cybersecurity products and services, it will come to little good if basic and foundational security protocols are not observed. A malicious outsider can quickly become an insider, rendering a cybersecurity budget null and void.

Consider this cautionary tale:

Bill is the chief security officer of Agency Z. Just after the building's security checkpoint, he sees Karen from cryptography, who says that the agency's IT admin Ross has been hard at work since about 5:00 a.m. This seems odd, because Ross is not known as a morning person. Karen says Ross requested access to the agency’s highly sensitive database for maintenance purposes. His access credentials and keys were older, she says, but they still checked out, so she let him continue.

Walking past the water cooler, Bill says hello to Deb from data loss prevention. She mentions that she’s surprised how hard Ross has been working this morning, transferring gigabytes of data around the network. Deb figures there must be a major update in the works, and Bill agrees that must be why Ross came in so early. Bill is impressed with Ross’s initiative to work off-hours, and he asks what kind of data Ross has been transferring.

Deb confesses that she hasn’t the slightest idea. Everything is encrypted for security reasons, so she can’t see what kind of data is moved in and out of the system. However, she tells Bill that Karen from cryptography said his credentials checked out, so there's no need to worry. Ross is a trustworthy employee.

Bill feels a rising sense of unease, though he can’t pinpoint where it’s coming from.

He stops by Pete's office -- Pete is in charge of privileged access management (PAM) and asks if he’s had contact with Ross today. Pete tells him that, in fact, Ross worked around him by using an SSH key pair. When Bill says that seems like a breach of protocol, Pete assures him that this type of thing happens all the time. Pete mumbles something about how he’s never bothered to check for new SSH keys after vaulting all the SSH keys on his first day of work. He supposes he could continuously discover SSH keys, but that seems like a lot of work.

Bill’s unease grows stronger as he arrives at his own office and starts his computer. His login fails; he realizes he’s forgotten his password again. As if on cue, his phone rings. It’s Ross, who is coughing and sniffling. He apologizes for calling so late in the work day, but…

A fearful realization grips Bill. “You’re…you’re not in the office?” Ross confirms this, explaining that he called to say he is sick and won’t be in today. “If you’re not here, then who is roaming through all our critical systems and moving massive amounts of encrypted data out of the network?”

How can agencies avoid this scenario?

First, Bill and his team must realize there is no perimeter anymore. Every day, attackers find new ways to breach perimeter security through ransomware, malware or phishing through social engineering. A determined attacker will get in, turning an outsider to an insider, so the security mechanisms agencies have in place to mitigate the damage will be the most important.

Second, the agency's security team should implement these best practices to mitigate attacks resulting from the theft of credentials like SSH keys.

  • Continuously monitor network environments for new SSH key deployments to ensure PAM systems are effective.
  • Use short-lived credentials to eliminate the need for passwords or burdensome and intrusive PAM systems.
  • Decrypted and inspect all internal and external traffic because encrypted traffic renders data loss prevention tools and firewalls useless.

The entity masquerading as Ross could have been any number of individuals or organized crime gangs that seek access to government data. The individual or group could have been lurking deep in the network for some time, watching and learning before striking. The result could be a massive data breach that depletes citizens’ confidence and, depending on the type of data stolen, could put people, national interests or government secrets at serious risk.

Privileged access management must be taken seriously as part of an overall cybersecurity strategy. The best practices listed above can help agencies avoid becoming the next sad story.

NEXT STORY: Agencies cautious on blockchain applications

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.