Skip to main content

Insider threat - Managing people security

Published on 22 January 2020

Privileged users

Every organisation has employees with enhanced access to systems and locations. This is generally because those people are in management roles or they are network-systems administrators and they need additional access privileges to do their job.

These Privileged User Accounts should be treated with care and carefully monitored because they create opportunities to exploit the system for personal gain. By operating a system of least privilege, some of the risk can be mitigated because employees only have access to the information and systems that they need to perform their role.

A recent survey by Balabit, a security firm specialising in the risks associated with privileged users, found that only 41% of privileged user accounts were assigned to permanent employees. That means that 59% of privileged user accesses are affiliated with temporary employees and third parties. This dynamic context creates an opportunity for anyone wishing to exploit the system, not to mention the issues that could arise if accesses given to temporary employees remain active after they leave the organisation.

The importance of controlling privileged access became apparent at Dundee City Council when it was discovered that an employee, described as the ‘top IT expert’ with unrestricted access, had been abusing their position since 2009 to defraud the council of over £1 million (Audit Scotland, 2018). The fact that this fraud continued undetected for seven years resulted not only in massive financial loss, it also caused serious reputational damage to the council with widespread news coverage and a damning Audit Scotland report.