A major player in the US telecommunications industry, with over 117,000 employees, recently experienced an insider data breach that has impacted nearly half of its workforce. The breach, discovered on December 12, 2023, occurred on September 21, 2023, when an unauthorized employee accessed a file containing sensitive information of over 63,000 employees.
The exposed data includes full names, physical addresses, Social Security numbers, national IDs, gender, union affiliations, date of birth, and compensation information. Fortunately, customer information remains unaffected.
The US telecommunications giant, in response to the breach, has emphasized its commitment to enhancing internal security measures. While there is currently no evidence of malicious exploitation or widespread data leaks, the company is taking proactive steps to prevent future incidents.
Start with Admins
Role-based access control (RBAC) is key to NIST adherence and should be applied to every SaaS app. A SaaS application has two types of permissions. Functional access covers things like creating accounts and navigating the application. Data access permissions, on the other hand, govern which users can retrieve and modify data. The admin account (or the super-admin account in some apps) is the most sensitive within the app, as it has full access to both types of permissions.
For threat actors, breaching an admin account is akin to winning the lottery. They have access to everything. Organizations must do everything within their power to maintain control over these accounts. This control is managed through configurations and best practices.
Implement Limited Redundancy
It’s important to have a minimum of two admins for every application. This redundancy makes it difficult for an admin to act alone against the best interests of the organization, as admins can monitor each other for any signs of a breach.
However, each admin increases the application’s attack surface. Organizations must strike a balance between having enough admins to adequately service the application while limiting exposure. An automated review of the number of admins should trigger alerts when the number of admins is outside the preferred range.
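The automated admin-count review described above, as an added example that is not part of the original post. It takes a user export in the shape (app, user, role), counts admin-role accounts per application, and raises an alert whenever an app falls below the redundancy minimum or above the exposure maximum; the sample rows, role names and thresholds are constructed assumptions, not data from any real tenant.

```python
from collections import Counter

# Constructed sample of a SaaS user/role export (app, user, role); not real data.
SAMPLE_USERS = [
    ("crm", "alice@example.com", "admin"),
    ("crm", "bob@example.com", "user"),
    ("hr-suite", "carol@example.com", "super-admin"),
    ("hr-suite", "dave@example.com", "admin"),
    ("hr-suite", "erin@example.com", "admin"),
    ("hr-suite", "frank@example.com", "admin"),
    ("hr-suite", "grace@example.com", "admin"),
    ("hr-suite", "heidi@example.com", "admin"),
    ("chat", "ivan@example.com", "admin"),
    ("chat", "judy@example.com", "admin"),
    ("chat", "mallory@example.com", "user"),
    ("wiki", "oscar@example.com", "user"),   # app with no admin at all
]

# Role names that count as privileged; assumed, since every SaaS names them differently.
ADMIN_ROLES = {"admin", "super-admin"}


def count_admins(users):
    """Return {app: number_of_admin_accounts}, including apps with zero admins."""
    counts = Counter()
    apps = set()
    for app, _user, role in users:
        apps.add(app)
        if role.lower() in ADMIN_ROLES:
            counts[app] += 1
    return {app: counts.get(app, 0) for app in apps}


def admin_alerts(users, min_admins=2, max_admins=5):
    """Flag apps whose admin count is outside [min_admins, max_admins].

    Too few admins removes the mutual-monitoring redundancy; too many
    needlessly widens the attack surface. Thresholds are assumed values.
    """
    alerts = []
    for app, n in sorted(count_admins(users).items()):
        if n < min_admins:
            alerts.append((app, n, "too few admins: no redundancy"))
        elif n > max_admins:
            alerts.append((app, n, "too many admins: excess attack surface"))
    return alerts


if __name__ == "__main__":
    for app, n, reason in admin_alerts(SAMPLE_USERS):
        print(f"ALERT {app}: {n} admin(s), {reason}")
```

In practice the export would come from each application's user API or an SSO directory; the check itself stays the same, and running it on a schedule turns the "preferred range" into a concrete, monitored control.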
If your organization doesn’t have a password policy, consider following NIST guidelines:
- Don’t make mandatory password changes, as users tend to choose easy-to-remember passwords.
- Use long passwords over complex ones. Combinations of numbers, special characters and lower/upper case characters usually follow a format like this: Password1!. These are easy to brute force. A long password like
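A password-acceptance check that follows the NIST-style guidance in the list above, as an added example that is not from the original post. It enforces a minimum length rather than composition rules, imposes no expiry, and compares candidates against a blocklist of common or known-compromised values; it also reduces formulaic passwords such as Password1! to their base word before the blocklist lookup, which goes slightly beyond the text. The blocklist contents, length limits and passphrase examples are constructed assumptions.

```python
import string
import unicodedata

# Constructed stand-in for a breached/common-password corpus (a real deployment
# would load a much larger list); all entries are lowercase.
COMMON_PASSWORDS = {
    "password", "password1", "123456", "qwerty", "letmein", "welcome", "admin",
}

# Assumed limits: NIST-style minimum of 8, and at least 64 accepted so
# passphrases are not cut off.
MIN_LENGTH = 8
MAX_LENGTH = 64


def normalize(pw):
    """Unicode-normalize so visually identical inputs compare equal."""
    return unicodedata.normalize("NFKC", pw)


def base_form(pw):
    """Lowercase and strip trailing digits/punctuation: 'Password1!' -> 'password'.

    This catches the common dictionary-word + digit + symbol pattern that
    composition rules tend to produce.
    """
    return pw.lower().rstrip(string.digits + string.punctuation)


def check_password(pw, min_length=MIN_LENGTH, max_length=MAX_LENGTH,
                   blocklist=COMMON_PASSWORDS):
    """Return a list of problems; an empty list means the password is acceptable.

    Deliberately no composition rule (upper/lower/digit/symbol) and no
    rotation requirement, per the guidelines above.
    """
    pw = normalize(pw)
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if len(pw) > max_length:
        problems.append(f"longer than {max_length} characters")
    if pw.lower() in blocklist or base_form(pw) in blocklist:
        problems.append("matches a blocked or known-compromised password")
    return problems


if __name__ == "__main__":
    for candidate in ["Password1!", "purple-otter-reads-old-maps", "abc"]:
        print(repr(candidate), "->", check_password(candidate) or "OK")
```

The point of the base-form step is that a check which accepts Password1! because it "has a number and a symbol" is measuring the wrong thing; length and absence from the compromised list are what make the brute-force cost go up.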
It may seem unlikely that threat actors spend their time looking for misconfigurations they can exploit. Yet that is exactly what the Russian state-sponsored group Midnight Blizzard did when it breached Microsoft this year. If misconfigurations can happen at Microsoft, it’s worth reviewing your own applications to make sure they are all secure.