Top tips to protect systems against insider misuse
The 2014 Verizon Data Breach Investigations Report revealed a disturbing trend, which is the fact that users’ access rights have become a weak point in the security policies for the majority of organizations. The report proves this tendency by stating that 88% of security incidents were caused by insider misuse, also indicating that only 9% of data leaks were discovered due to continuous auditing of IT systems.
The issue of insider threats is aggravated with the fact that a breach can take from days to weeks to be discovered, and in some cases, years will pass until you find out that sensitive information has been compromised.
At the same time, according to the 2014 InfoWorld Navigating IT Report, although 89% of IT professionals admit the necessity of investments in security, only 44% of large enterprises and 13% of small and medium businesses actually plan to invest and enforce their security policy in the near future.
Considering this trend, Netwrix explains why monitoring of access privileges on the regular basis and protecting systems against insider misuse is a must for organizations of all sizes.
To help companies avoid security incidents and their devastating consequences, Netwrix shares three of the top questions every company should be able answer positively to ensure the protection of sensitive data against insider threats:
Do you monitor user accounts’ activity regularly? – This is critical for companies where the number of user accounts is changing constantly or where, as result of internal shifts, users’ permissions are regularly updated. The risks often hide in the active accounts of former employees and in accounts with redundant permissions. If you monitor changes across the entire IT infrastructure, you have complete visibility into who made a change, as well as when and where the changes were made; therefore, you can track any malicious activity.
Do you know your data and who has access to it? – The accelerating volume of security incidents that have been caused by privilege misuse shows that companies are unaware not only of who has access to the data but also of places where this data is stored, uploaded, and shared. Monitoring your IT infrastructure and tracking changes made to sensitive data will help you to minimize security violations.
Are your employees aware that their activity is being monitored? – This practice should definitely be a part of any company’s security policy. Publishing anonymous reports and sharing them among employees explains better than words that everybody is responsible for data security, and it forces employees to control their actions.
“Even with the understanding of the necessity to protect sensitive data, only few companies realize that IT infrastructure should be taken under control. Unfortunately, far less of them track changes and monitor users’ access rights,” said Michael Fimin, CEO and co-founder of Netwrix. “However, having your IT system audited on the regular basis allows you to keep an eye on any malicious change. Having complete visibility across the entire IT infrastructure not only facilitates investigation in case a security breach occurs, but it also ensures that your sensitive data is under permanent control.”