Passing along this article from Adam Bosnian of Cyber-Ark Software: Practical advice on avoiding the insider threat. The whole article is worth reading but one item stood out:
Best Practice #4: Secure Embedded Application Accounts
Up to 80 percent of system breaches are caused by internal users, including privileged administrators and power users, who accidentally or deliberately damage IT systems or release confidential data assets, according to a recent Cyber-Ark survey.
Many times, the accounts leveraged by these users are the application identities embedded within scripts, configuration files, or an application. The identities are used to log into a target database or system and are often overlooked within a traditional security review. Even if located, the account identities are difficult to monitor and log because they appear to a monitoring system as if the application (not the person using the account) is logging in.
These privileged application identities are being increasingly scrutinized by internal and external auditors, especially during PCI- and SOX-driven audits, and are becoming one of the key reasons that many organizations fail compliance audits. Therefore, organisations must have effective control of all privileged identities, including application identities, to ensure compliance with audit and regulatory requirements.
Wow, 80% of breaches now originating within the “trusted internal network”, and the article also mentions that insider theft has doubled between 2007 and 2008. Anybody out there still not treating the internal network as a hostile environment?
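To make the "embedded within scripts, configuration files, or an application" point concrete, here is an added example (not from the article or from Cyber-Ark) of a review-time scan that lists where application identities are hard-coded. The file names, accounts, passwords and the two heuristic patterns are all constructed assumptions for illustration.

```python
import re

# Heuristic patterns (an assumption of this example, not an exhaustive set).
PATTERNS = [
    # key = value where the key name suggests a credential
    ("assignment", re.compile(
        r"(?i)\b(?P<id>[\w.-]*(?:password|passwd|pwd|secret)[\w.-]*)"
        r"\s*[=:]\s*[\"']?(?P<secret>[^\s\"';]+)")),
    # scheme://user:password@host connection URIs
    ("uri", re.compile(
        r"(?i)\b[a-z][a-z0-9+.-]*://(?P<id>[^\s:/@]+):(?P<secret>[^\s@/]+)@")),
]
# Values that point at an external store instead of holding the secret.
INDIRECT = re.compile(r"^(\$\{?\w+\}?|%\w+%)$")


def scan(name, text):
    """Return (file, line, kind, identity) for each embedded credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS:
            for m in pattern.finditer(line):
                if INDIRECT.match(m.group("secret")):
                    continue  # reference to a vault or env var, not a literal
                # Record where and which identity, never the secret itself.
                findings.append((name, lineno, kind, m.group("id")))
    return findings


# Constructed sample files; every name and value here is made up.
SAMPLES = {
    "backup.sh": "#!/bin/sh\nDB_USER=svc_backup\nDB_PASSWORD=Winter2008!\n",
    "app.properties": "jdbc.url=jdbc:postgresql://db01/orders\n"
                      "jdbc.password=${VAULT_DB_PASSWORD}\n",
    "report.py": 'engine = connect("postgresql://svc_report:hunter2@db01/sales")\n',
}


def scan_all(samples):
    """Scan every sample file and return the combined findings."""
    return [f for name, text in samples.items() for f in scan(name, text)]


if __name__ == "__main__":
    for file, lineno, kind, identity in scan_all(SAMPLES):
        print(f"{file}:{lineno}: embedded credential ({kind}) for {identity}")
```

The properties file is not flagged because its password is a reference to an external store, not a literal; the other two hits are the kind of application account that needs an owner, rotation and logging.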