The Problem of Identifying Internal Security Threats

by Aug 12, 2020

Providing security for their systems is one of the main concerns of IT professionals and corporate management everywhere. Worrying about security keeps CIOs up at night and database teams in a constant state of high alert. An entire organization can be put at risk through a single data breach. Keeping data secure 99% of the time is not sufficient.

Protecting the privacy and integrity of data resources is complicated by the fact that security threats can come from both external and internal entities. In some cases, a breach can be caused by a combination of malicious external forces and compromised internal procedures. A recent case in point is the data breach affecting Magellan Health. Hackers installed malware and subsequently stole employee login credentials, which allowed them to access and steal sensitive personal data from the healthcare provider’s databases.

What Are Internal Security Threats?

In this post, we are going to concentrate on internal threats to data security. These types of threats can be extremely hard to identify and prevent but are potentially even more dangerous to the affected enterprise than external ones.

Insider threats come in a variety of forms. They may be deliberate actions performed by disgruntled employees or accidental mistakes that occur due to a lack of training or negligence. Here are some specific issues that can lead to misuse of company data assets.

Excessive or elevated privileges – Employees should have exactly the level of privileges that they need to perform their duties. Granting excessive privileges exposes the organization to data being compromised by both accidental and deliberate acts.

Privilege abuse – Misusing authorized privileges to access sensitive data is an example of a deliberate insider attack. The privileges may have been compromised by external actors or simply be misused to obtain some kind of financial advantage for a malicious employee or contractor.

Weak audits and monitoring – Weak or sporadic audits of user privileges and activity expose an organization to internal security threats. Vigilant monitoring can uncover suspicious activity and point out individuals who are exceeding their boundaries. The information obtained through comprehensive monitoring and auditing can be used to tighten permissions or take further action against intransigent employees.

Exposure of storage media – Backup storage media can be physically stolen and expose complete databases to unauthorized use. Encrypting data throughout its lifetime minimizes the risk of backups being used for malicious purposes.
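As an added illustration of the first three issues above (not part of the original post), the following read-only T-SQL review lists logins holding sysadmin or CONTROL SERVER, SQL logins exempt from password policy, and db_owner members in every user database. It relies only on the standard SQL Server catalog views and changes no server state.

```sql
-- Added example, not from the original post: a least-privilege review for a
-- SQL Server instance. Run with a login that can read the catalog views.

-- 1. Logins with server-wide power: sysadmin members and CONTROL SERVER grants
SELECT p.name, p.type_desc, 'sysadmin member' AS reason
FROM sys.server_role_members rm
JOIN sys.server_principals r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals p ON p.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin'
UNION ALL
SELECT p.name, p.type_desc, 'CONTROL SERVER granted' AS reason
FROM sys.server_permissions sp
JOIN sys.server_principals p ON p.principal_id = sp.grantee_principal_id
WHERE sp.permission_name = 'CONTROL SERVER'
  AND sp.state IN ('G', 'W');          -- GRANT or GRANT WITH GRANT OPTION

-- 2. SQL logins whose passwords bypass Windows policy or expiration checks
SELECT l.name,
       l.is_policy_checked,
       l.is_expiration_checked,
       LOGINPROPERTY(l.name, 'PasswordLastSetTime') AS password_last_set
FROM sys.sql_logins l
WHERE l.is_policy_checked = 0 OR l.is_expiration_checked = 0;

-- 3. db_owner members in each online user database (dbo itself excluded).
--    Built as one dynamic batch so a single run covers every database.
DECLARE @sql nvarchar(max) = N'';
SELECT @sql += N'USE ' + QUOTENAME(name) + N';
SELECT DB_NAME() AS database_name, u.name AS user_name, u.type_desc
FROM sys.database_role_members drm
JOIN sys.database_principals r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals u ON u.principal_id = drm.member_principal_id
WHERE r.name = N''db_owner'' AND u.name <> N''dbo'';
'
FROM sys.databases
WHERE database_id > 4 AND state_desc = 'ONLINE';   -- skip system databases
EXEC sp_executesql @sql;
```

Any row returned by the first or third query is a candidate for removal or justification; rows from the second indicate logins whose passwords are not being held to the organization's policy.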

Securing Your SQL Servers from Insider Threats

Adequately protecting an organization from insider threats requires a multi-stage approach. Some of the most important elements of this plan include:

  • Developing an enterprise-wide security policy that includes guidelines for conducting investigations into potential malicious insider activity.

  • Providing physical security that limits server access to those who require it.

  • Screening new employees in an attempt to determine high-risk individuals.

  • Using multi-factor authentication to help protect against weak passwords.

  • Investigating unusual activities that affect any part of your infrastructure.

  • Monitoring system activity to identify misuse of authorized permissions.
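As an added example for the last two items (not part of the original post or the product described below), this T-SQL script creates a SQL Server Audit that records permission and role-membership changes, backup and restore operations, and successful and failed logins, then reads the log back for review. The audit names and the file path are placeholders to adapt to your environment.

```sql
-- Added example, not from the original post. Names and the directory path
-- are placeholders; the directory must exist and be writable by the
-- SQL Server service account.
USE master;
GO
CREATE SERVER AUDIT InsiderActivityAudit
    TO FILE (FILEPATH = N'D:\SQLAudit\',      -- placeholder path
             MAXSIZE = 256 MB,
             MAX_ROLLOVER_FILES = 20)
    WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO
-- Action groups chosen to cover misuse of authorized permissions:
-- who changed privileges, who touched backups, and who logged in (or failed to).
CREATE SERVER AUDIT SPECIFICATION InsiderActivitySpec
    FOR SERVER AUDIT InsiderActivityAudit
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (SERVER_PERMISSION_CHANGE_GROUP),
    ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP),
    ADD (DATABASE_PERMISSION_CHANGE_GROUP),
    ADD (BACKUP_RESTORE_GROUP),
    ADD (SUCCESSFUL_LOGIN_GROUP),
    ADD (FAILED_LOGIN_GROUP)
    WITH (STATE = ON);
GO
ALTER SERVER AUDIT InsiderActivityAudit WITH (STATE = ON);
GO
-- Review 1: permission and role-membership changes in the last 24 hours,
-- with the statement that made each change.
SELECT f.event_time, a.name AS action_name, f.server_principal_name,
       f.database_name, f.object_name, f.statement
FROM sys.fn_get_audit_file(N'D:\SQLAudit\*.sqlaudit', DEFAULT, DEFAULT) AS f
JOIN (SELECT DISTINCT action_id, name, containing_group_name
      FROM sys.dm_audit_actions) AS a ON a.action_id = f.action_id
WHERE f.event_time > DATEADD(hour, -24, GETUTCDATE())
  AND a.containing_group_name LIKE '%CHANGE_GROUP'
ORDER BY f.event_time DESC;
GO
-- Review 2: logins with repeated failures in the last 24 hours, which may
-- indicate a compromised or guessed account worth investigating.
SELECT f.server_principal_name, COUNT(*) AS failures,
       MIN(f.event_time) AS first_seen, MAX(f.event_time) AS last_seen
FROM sys.fn_get_audit_file(N'D:\SQLAudit\*.sqlaudit', DEFAULT, DEFAULT) AS f
WHERE f.event_time > DATEADD(hour, -24, GETUTCDATE())
  AND f.action_id IN (SELECT action_id FROM sys.dm_audit_actions
                      WHERE containing_group_name = 'FAILED_LOGIN_GROUP')
GROUP BY f.server_principal_name
HAVING COUNT(*) >= 5
ORDER BY failures DESC;
```

The two review queries are the monitoring step; running them on a schedule and comparing the results against an approved change list turns the audit log into a usable control rather than a file that is never read.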

Enterprises should operate with a zero-trust mindset where nothing related to internal or external corporate IT security is taken for granted. You can’t take security too seriously. Remember, it’s only paranoia in the absence of a threat, and one exists where your data is concerned.

A Security Tool for SQL Server

Database teams can benefit from a tool that can help identify and address SQL Server security vulnerabilities. IDERA’s SQL Secure is the right solution for taking control of security in your SQL Server environment. The tool provides the information that database teams require to lock down their servers and maintain the security of enterprise data assets.

SQL Secure enables the team to identify and address security vulnerabilities impacting your SQL Servers. The application supports physical and virtual database instances on-premises or in the cloud. You can set strong security policies and prevent violations with a proprietary Level 2 security check modeled on MSBPA and CIS guidelines. Pre-defined security templates are provided for multiple standards including HIPAA, GDPR, PCI DSS, and SOX.

Extensive reporting capabilities include the ability to retain a complete history of SQL Server security settings and to designate a baseline for comparison against future system snapshots. Reports are available to satisfy internal and external audits, demonstrating compliance with regulatory requirements. Detect weak passwords and problems with excessive permissions before they result in a data breach. SQL Secure is a great tool for minimizing the risk of malicious insider activity directed at your SQL Server systems.