INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY, cilt.18, sa.1, ss.33-42, 2018 (ESCI)
The companies gradually increase their safety precautions towards protecting their information systems, but the attackers simultaneously explore many different methods for breaching or bypassing the safety precautions. In this cycle, the attacks to information systems are expected from outside, and the cyber security investments are made in this parallel. As a result of this, the companies are caught unprepared for these conscious or unconscious breaches. In order to achieve their goals in insider attacks, the attackers attempt to seize the privileged accounts, which have much more authorizations on the information systems than the normal accounts. The reason for targeting the privileged account is that these accounts have wide authorizations on the information systems. IT personnel are responsible for realizing and managing the cyber security precautions within the company. In general, the IT personnel do the same mistake by adopting the general approach; they expect the attacks from outsiders and ignore the insider threats. The most important one among these threats is the seizure of privileged accounts, which is used by the IT personnel every day, by the attackers. The measures to be taken for preventing the malicious use of privileged accounts and the approach to be adopted in order to increase awareness of IT personnel are discussed in this paper.