Privileged accounts represent the biggest threat to enterprises. The number of
cyber-attacks in which privileged accounts and insiders are involved directly
or indirectly, has significantly increased in recent years. All-powerful access
with the lack of accountability creates a risk which can certainly cause damage
of immense proportions. Widespread use of virtual environments enhances
the risk. The problem with lack of accountability due to use of shared accounts
and passwords, little separation of duties and principle of “least privilege” not
being followed is a massive occurrence in the use of virtual environments.
Privileged identities are classified into groups of malicious insiders. They are
involved in IP theft, espionage, fraud and IT sabotage.
Along with the argumentative idea of the technical approach towards the
solution of the problem, other mentioned issues will be processed, because
Insider threat is a people-centric issue. People are complex beings, hence the
approach to a solution must be versatile.
Attention will be given to the positive practices of Identity based security,
host based security, end-to-end security and compliance for cloud and virtual
environments. Likewise, we will observe the negative practices and possible
approaches to the problem of organizational factors contributing to insider attacks,
with the aim to introduce environment where being an insider is not easy.
D. Pešić, M. Veinović, “Privileged Identities - Threat to Network and Data Security,” in Sinteza 2016 - International Scientific Conference on ICT and E-Business Related Research, Belgrade, Singidunum University, Serbia, 2016, pp. 154-160. doi: 10.15308/Sinteza-2016-154-160
Pešić, D., Veinović, M. (2016). Privileged Identities - Threat to Network and Data Security. Paper presented at Sinteza 2016 - International Scientific Conference on ICT and E-Business Related Research. doi:10.15308/Sinteza-2016-154-160