A few days ago, another study was released that could provide further impetus to improve information security policies across the board. The more relevant data is buried in a report by the US Secret Service and Carnegie Mellon's CERT, which concluded that "insider revenge is often behind cyberattacks." The somewhat-alarmist conclusions and sound bites highlighted in the report belie some very interesting statistics, particularly that "57% of the attacks were carried out by systems administrators, while 33% were caused by privileged users."
This study was rather limited and a little dated, involving 49 cases of insider attacks between 1996 and 2002. But its results still speak volumes: 90% of all attacks in the study were performed by users with higher-than-normal privileges. If this isn't enough to take the wind out of the sails of those who still believe a firewall is adequate protection, then those people are beyond the realm of rational thought.
The lessons here are twofold:
- The number of people who get administrative or elevated privileges should be limited as much as absolutely possible, and
- Those who have elevated privileges should be the most carefully watched.
Hopefully, some inquisitive minds with the necessary time and funding will be able to perform a similar, broader study on attacks by users with elevated privileges. A study with this specific focus would grab the attention of a broader audience, including IT decision makers, and further raise the bar on internal, layered security.