Skip to main content

What Pablo Escobar’s downfall reveals about identity security

What Pablo Escobar’s downfall can teach us about identity security
(Image credit: Shutterstock)

Security can be complex. Never more so than when digital identities are used to infiltrate otherwise seemingly guarded networks.

About the author

Ben Bulpett, EMEA Director, SailPoint.

The case of U.S. Customs Agent Robert Mazur, who investigated the big Columbian drug cartels in the 1980s, shines a light on this. Using identity as a trump card, he posed as Bob Musella – an almost-legit ‘businessman’ and broker from New Jersey, with a taste for the high life and money. Through ‘Bob’, Mazur inveigled himself deep into the fabric of the international drug cartels and their money laundering operations to eventually bring down Pablo Escobar and his associates.

What has this got to do with cyber security in the enterprise, exactly?

Mazur was the perfect insider threat. Every move he made was slick. One slip and he’d have been executed under Escobar’s Bloody Coffin regime. Every connection, person accessed, every privileged meeting, every piece of information offered, every tick and idiosyncrasy was engineered to feel real, authentic, believable.

In this instance, the system and the organization were a blight on the world and the insider was one of the good guys. But that is not always the case - especially amongst the increasingly complex attack surfaces that sophisticated operating systems, apps and platforms present.

With insider threats growing by almost a third in the last two years, enterprises must step up their identity security and grant access only on a need-to-know basis.

From the outside, in

The insider threat has evolved over the years, going way beyond criminal drug networks and the likes of Pablo Escobar. From revenge cyber-attacks and hours of network downtime, to the leaking of thousands of sensitive documents, these have made headlines around the world.

The timeline to identify and contain insider threats is also changing. While Mazur took four years to bring down Escobar’s drug cartel, nowadays, someone could be in organization for less than a year and do monumental damage. This is made even more likely because malicious insiders aren’t always outside-in agents of either criminal or malicious intent. Disgruntled employees are as much a cause for concern, advantageously able to bypass internal cybersecurity measures like multi-factor authentication and device verification since they have permitted credentials for these.

Remote working means more risk

Systems are even more vulnerable to insider breaches and attacks as we continue to work from home. This is because remote working makes it more difficult for IT management teams to monitor the enterprise security perimeter, as hackers could be looking to take advantage of multiple user access points.

To make matters worse, technology and platforms, especially those we’ve come to rely on during the pandemic, are making the breachers more and not less elusive. In one report from Synopsys, over 50% of the organizations approached said that the shift to the cloud made insider attacks more difficult to detect.

Attacks and breaches from insider threats are not only destabilizing, they are increasingly expensive. Some reports set the average cost of an insider breach to an organization at between some £8 million and £11 million, not to mention the reputational damage the company may suffer.

Moving from a tick-box solution to a strategic imperative

Protecting against the insider threat requires a shift in priorities. Identity security must move from being a tick-box solution in the IT function, to being a strategic imperative in the management and governance functions. Access must be granted with the aim of limiting this to only what is required by each user. This is critical in helping companies ensure that access privileges are appropriate and conform to policy.

Fortunately, technology such as AI and machine learning-driven user identity platforms can support this approach. The latest identity security solutions can provide geolocation alerts if a user who normally accesses the network in, say, Basingstoke, is suddenly accessing the network from Brazil, for example. These can help IT teams recognize abnormal access or behaviors that aren’t typical for the role or individual in question – ultimately making it more difficult for threats to successfully infiltrate.

Optimizing the business, one secure identity at a time

Identity security, especially when viewed from inside your organization, must be provisioned for properly with the strictest gate keeping possible. IT leaders must take the necessary steps to optimize the business, one secure identity at a time. AI and machine learning identity platforms can help achieve this, all without hindering business continuity. As Pablo Escobar and his associates found out, the moment you stop asking simple questions - Who are you? Why are you here? And what are you doing? - the trouble often begins.