
2017 DBIR Underscores the Need to Defend Against Partner Privilege Misuse. Encryption to the Rescue!

May 3, 2017 | David Bisson

The latest Verizon breach report is out, and it's a great opportunity for organizations to internalize its lessons and reevaluate some of their protection strategies. In particular, organizations should consider using encryption along with other security measures to protect against partner-based privilege misuse attacks.

In its 2017 Data Breach Investigations Report (DBIR), Verizon Enterprise reveals that privilege misuse attacks are alive and well. Its researchers received data for 7,743 incidents of privilege misuse in 2016. 277 of those security events disclosed corporate and/or customers' data.

According to Verizon's dataset, privilege misuse primarily affected companies in the Public, Healthcare, and Finance industries. In 60 percent of cases, an end-user stole sensitive data with the hopes of monetizing it. It's therefore not surprising that 71 percent of privilege misuse attackers were financially motivated to steal personal information and medical records. They perpetrated their misdeeds by compromising databases (57 percent), reviewing printed documents (16 percent), and accessing another employee's email (9 percent).

Nearly one fifth (17 percent) of cases included in Verizon's analysis involved individuals surrendering to their curiosity and snooping for information. These actors in some cases aligned with 15 percent of attackers by espousing espionage as a motive. The offending individuals stole trade secrets or internal data approximately a quarter of the time.

Overall, internal actors were primarily responsible for the privilege misuse breaches reported to Verizon at 81.6 percent. External actors came in at 7.2 percent and colluded with internal actors in 8.3 percent of cases. The remaining 2.9 percent of breaches fell on partners.

This last finding might come as a surprise. Organizations like to think of their partners as trusted relationships through which they can expand their business interests and realize their goals. However, just as malicious insiders sometimes hide in an organization's ranks, so too can malevolent employees at another company abuse access to a partner's network to cause harm.

Verizon documented one such security event in its 2016 DBIR. In that case, a cyber insurance firm launched an investigation into one of its clients, an oil and gas company which operated a chain of service stations. The firm's inquiry detected suspicious activity emanating from the service station chain's IT and point-of-sale vendor. As it turns out, a helpdesk employee at the vendor had changed a configuration file. This modification allowed the malicious actor to collect cleartext authorization requests from each fuel pump, information which contained customers' payment card details. The attacker could use that data to conduct fraudulent transactions.

To protect against partner-based privilege misuse incidents such as those detected by Verizon, organizations should store their data on their servers or databases in encrypted form. Another group should in turn manage the encryption keys under an arrangement that's known as transparent encryption. This type of scheme helps ensure that those who can access the data, e.g. partners, do not also have access to the keys. Companies can then implement access controls to further prevent privilege misuse attacks.

Whoever manages the keys will need to know where the keys are located, who owns them, and/or how they are used. To expand their visibility into these factors, organizations should consider investing in a management and monitoring solution for their keys and certificates.
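One way to check the separation described in the two paragraphs above, as an added example that is not part of the original post: it audits access grants for any principal who can both read an encrypted data store and decrypt with the key protecting it, and lists keys with no recorded owner. All store, key, group and principal names are constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory: which key protects each encrypted data store.
STORE_KEY = {"pos-db": "key-pos", "hr-db": "key-hr", "logs": "key-logs"}

# Constructed key inventory: where each key lives and who owns it.
KEYS = {
    "key-pos": {"location": "hsm-1", "owner": "key-custodians"},
    "key-hr": {"location": "hsm-1", "owner": "key-custodians"},
    "key-logs": {"location": "app-server-disk", "owner": None},
}

# Group membership, so access inherited through a group is also caught.
GROUPS = {"vendor-helpdesk": {"partner:alice", "partner:bob"},
          "key-custodians": {"emp:carol"}}

# Constructed grants: (principal or group, resource, permission).
GRANTS = [
    ("vendor-helpdesk", "pos-db", "read"),
    ("partner:bob", "key-pos", "decrypt"),
    ("key-custodians", "key-pos", "decrypt"),
    ("key-custodians", "key-hr", "decrypt"),
    ("emp:dave", "hr-db", "read"),
    ("emp:carol", "logs", "read"),
]

def expand(subject):
    """Resolve a grant subject to the set of individual principals."""
    return GROUPS.get(subject, {subject})

def audit(grants=GRANTS):
    """Return (violations, unowned_keys).

    violations: sorted (principal, store, key) tuples where one principal
    can read the store and also decrypt with the key that protects it.
    """
    readers, decrypters = defaultdict(set), defaultdict(set)
    for subject, resource, perm in grants:
        if perm == "read":
            readers[resource] |= expand(subject)
        elif perm == "decrypt":
            decrypters[resource] |= expand(subject)
    violations = sorted((p, store, key)
                        for store, key in STORE_KEY.items()
                        for p in readers[store] & decrypters[key])
    unowned = sorted(k for k, meta in KEYS.items() if not meta["owner"])
    return violations, unowned

if __name__ == "__main__":
    print(audit())
```

The partner account surfaces only because its data access arrives through a group while its key access was granted directly, which is why the audit expands groups before comparing.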

Are you ready to protect against partner-based privilege misuse?

About the author

David Bisson

David is a Contributing Editor at IBM Security Intelligence. David Bisson is a security journalist who works as Contributing Editor for IBM's Security Intelligence, Associate Editor for Tripwire and Contributing Writer for Gemalto, Venafi, Zix, Bora Design and others.
