5 Ways to Improve Insider Threat Prevention
If you browsed the latest security headlines, you'd probably think the majority of data breaches were related to hackers, political activists, malware or phishing. While the latter two hint at it, the truth is that nearly half of all data breaches can be traced back to insiders in some capacity.
While we recently examined the rise of the politically motivated insider, the truth is that most incidents are traced back to employees who are just negligent or unaware, whether it's accidentally emailing customer data to an external party or clicking a phishing link.
Most "mistakes" come from negligent insiders. Unfortunately, these insiders are often the hardest to identify. With no malicious intent, these employees are just trying to be productive and independent, which sometimes leads them to circumvent IT, download insecure apps or mistakenly click that phishing link.
The ways that insiders put data at risk are always changing. A combination of education and technology is the best approach to detecting and remediating negligent user behavior. While security training is pretty standard these days for new employees, it's not uncommon for most organizations to forget to build in reminders or to update training over time. Employees may simply forget they aren't supposed to email data or use open Wi-Fi networks.
Insider Threat Prevention Requires Visibility
With the explosion of cloud storage, SaaS and the growth in IoT and OT devices, there are now more ways than ever for data to be inappropriately shared, making it difficult to be 100 percent certain where company data and sensitive information may end up.
While I expect big things to come out of intent-based security, machine learning and AI, we don't need to look to future technology to solve all of today's problems with insiders. We'll never shore up all the cracks in data security, but we can most definitely improve on the status quo. Here are five critical steps:
- Watch the movement of data. You need to be able to watch critically important internal and customer data as it moves within (and outside) your environment. Most organizations are solid on network monitoring but lack control and visibility over data as it moves onto devices or into the cloud.
- Monitor for Shadow IT. Look for applications and tools that have not been approved or vetted by your IT and security teams for use. While blocking all non-approved apps and tools could clamp down on productivity, it is critical to have plans in place when these apps may compromise sensitive data.
- Address endpoint security. Ensure the physical security of your employee devices and the corporate data stored on those devices.
- Have a solid asset management solution. Such a solution gives you the capability to immediately respond to a lost or stolen device, closing the window of opportunity for an attacker to capitalize on the data or network access associated with a stolen device.
- Choose strong security layers. Back up your asset management solution with full disk encryption, anti-virus and a VPN to minimize access to a device and the data it contains.
Threats posed to your organization's data aren't always going to be malicious, but the risks they pose are serious and real. Being able to understand the multitude of ways that data can be stolen and what those threats look like is critical to building a resilient enterprise that puts the protection of your data and your customers' data first.