Recent events with the Twitter handle @realDonaldTrump serve as a reminder of the power of privilege and the potential risk when that power is misused. In this case it appears that a Twitter employee (an insider who was supposedly on the way out the door), perhaps motivated by tweets that they found objectionable or annoying, chose to deactivate the account. We all probably have a friend, relative or public figure for whom we wish there were a simple button to push (there is – unfollow) to silence their ramblings on social media. In this case, "unfollow" was possible and an easy choice, but the person chose to use their privilege to do more and deactivate the account entirely.
Those with privilege and power can often do great things. It might be a leader uniting nations, or it might be an admin successfully getting a data center back online after a catastrophic failure. Both require some amount of trust and privilege to make the outcome a reality. But that same power can be misused, depending on the motivations and desired outcomes of the individual.
There are insiders in every organization who have admin privileges to change, delete, and reconfigure workloads that run critical business functions and hold sensitive and valuable data. Often there are no controls in place to enforce a policy that, for instance, limits the scope of admin actions based on role, or that requires secondary approval for changes outside of established norms or policy. Given the risk of stolen credentials, even the use of two-factor authentication can limit the damage that can be inflicted with them. What a privileged admin is allowed to do can also drift as new permissions are granted temporarily to complete a needed task but never revoked once that task is complete. Without ongoing assessment and controls, those with privilege are a huge risk if their motivations shift.
These misuse-of-privilege incidents are not new, and attacks like the one that occurred at Shionogi & Co. Ltd. years ago highlight the risk and damage that can result. It appears this most recent abuse-of-privilege incident lasted only eleven minutes before @realDonaldTrump was restored. Reactivating the Twitter handle was quick and easy, it seems. What if the person with privilege had tweeted a message from @realDonaldTrump that caused another nation to respond quickly to a perceived threat based on the message?
If an incident involved three hundred of your most critical VMware-based virtual machines that were deleted or changed by a privileged admin, could you recover in twelve minutes? It may be a good time to assess privileged access to your virtualized workloads and begin putting controls in place to ensure your business isn’t disrupted by a “rogue employee”.
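The three controls named above (actions scoped by role, secondary approval for changes outside established norms, and temporary permissions that lapse instead of drifting) can be sketched as a single authorization gate. This is an added example, not code from the original post or from any product; the role names, action names, bulk threshold and sample admins are all hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Hypothetical policy: role names, actions and threshold are assumptions.
ROLE_SCOPE = {
    "vm-operator": {"power_on", "power_off", "snapshot"},
    "vm-admin": {"power_on", "power_off", "snapshot", "reconfigure", "delete"},
}
DESTRUCTIVE = {"delete", "reconfigure"}
BULK_THRESHOLD = 10  # destructive changes on more VMs than this are out of norm

@dataclass
class TempGrant:
    action: str
    expires: datetime

@dataclass
class Admin:
    name: str
    role: str
    temp_grants: list = field(default_factory=list)

def allowed_actions(admin, now):
    """Role scope plus temporary grants that have not yet expired."""
    live = {g.action for g in admin.temp_grants if g.expires > now}
    return ROLE_SCOPE.get(admin.role, set()) | live

def stale_grants(admin, now):
    """Expired temporary grants: the privilege drift to revoke in a review."""
    return [g for g in admin.temp_grants if g.expires <= now]

def authorize(admin, action, vm_count, approver, now):
    """Return (decision, reason) for a requested admin action."""
    if action not in allowed_actions(admin, now):
        return "deny", "action outside role scope"
    if action in DESTRUCTIVE and vm_count > BULK_THRESHOLD:
        # Two-person rule: approver must be someone else with the same authority.
        if approver is None or approver.name == admin.name:
            return "hold", "secondary approval required"
        if action not in allowed_actions(approver, now):
            return "hold", "approver lacks authority for this action"
    return "allow", "within policy"

if __name__ == "__main__":
    now = datetime(2017, 11, 3, 12, 0)  # constructed sample data
    alice, bob = Admin("alice", "vm-admin"), Admin("bob", "vm-admin")
    carol = Admin("carol", "vm-operator", [TempGrant("delete", now - timedelta(days=30))])
    print(authorize(alice, "delete", 300, None, now))  # held for a second approver
    print(authorize(alice, "delete", 300, bob, now))   # allowed with approval
    print(authorize(carol, "delete", 1, None, now), stale_grants(carol, now))
```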