How to protect your organization from insider threats, the #1 risk for data loss
Is your security approach exposing your organization to risk? The answer is "yes" if your security strategy focuses exclusively on external threats. If the breaches of the last 24 months have taught us anything, it is that insider threats are a cause for equal if not greater concern.
In a recent survey, IT professionals were asked which types of insiders they thought posed the greatest security risk. 56% named regular employees, 55% named privileged IT users, and 42% named outside contractors or temporary workers (respondents could name more than one group, so the figures do not sum to 100%).
When it came to IT assets, those surveyed said databases and file servers were at the highest risk. However, unlike outside attackers, insiders already have access to your databases and files.
When asked about the main enablers of insider threats, 37% of respondents pointed to too many users having excessive access, and 36% to the growing number of devices with access to sensitive data.
And it is probably no surprise what the targets are: 55% of those surveyed said privileged account information such as passwords was a primary target, and 49% named personal information such as PII and PHI.
Insider attacks: A serious business threat on a global scale
If there is any doubt about the scale of the problem, even at the most sophisticated, innovative organizations, recent examples settle it, including the alleged insider threat at Tesla. The news broke in an email from CEO Elon Musk alleging that a trusted insider had deliberately sabotaged software systems that were part of Tesla's manufacturing process. It left security professionals asking why better controls had not been in place to keep insiders from abusing their privileges.
Another insider incident occurred at Punjab National Bank, where an employee used a sensitive password for the SWIFT interbank transaction system to steal $1.8 billion through a complex chain of fraudulent transactions. In another example, a former Coca-Cola employee stole sensitive data on roughly 8,000 Coca-Cola workers.
No time for tradition: How the security approach needs to shift
The problem with traditional implementations is a blinkered focus on securing files, infrastructure, and data. They keep unauthorized users out, but they do not account for the risk posed by negligent or malicious users who have already been granted access.
That is the real risk of insider threat. It can come from third-party contractors with access to your systems or from privileged accounts with administrative rights. These users sit outside the traditional security model and are often overlooked by traditional DLP software.
Tremendous emphasis is being placed on data privacy by GDPR, the new California Consumer Privacy Act, HIPAA, PCI DSS, SOX, and other regulations designed to protect Personally Identifiable Information, Protected Health Information, and data privacy in general. Failing to protect these assets can bring material penalties for mishandling or misuse of data, data breaches, or IP theft, and with them both reputational and financial harm.
What needs to happen before 2019
The problem in cases like these is that traditional data loss prevention tools do not take into account the user element, i.e. what authorized insiders are doing with the data they are authorized to access. A better approach is needed to make sure that regulated, confidential, sensitive, and business-critical data is not stolen or misused by insiders.
Enter the era of modern DLP. Unlike traditional DLP, modern DLP solutions use rules that define violations in terms of user activity, i.e. how authorized users are accessing, deleting, and copying data. A rule can send an alert or a warning, block the action outright, or lock the user out completely.
Modern DLP solutions are intelligent data loss prevention systems that combine several disciplines, including user activity monitoring, behavior analytics, and forensics, to make a DLP implementation more effective. They give broader and more capable oversight: they can analyze user behavior, assign risk scores, and take action based on a combination of user activities and data access patterns.
With behavior-driven data loss prevention, the emphasis shifts to user activity monitoring and to defining, and then dynamically updating, risk scores for different types of users. Using machine learning and artificial intelligence to identify anomalies, DLP can act on how users actually behave, not just on which files they touch.
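To make the rule-plus-risk-score idea concrete, here is a small Python sketch of such an engine. It is an added example, not code from any DLP product or from the original article; the event schema, the rules, their weights, the anomaly test, and the escalation thresholds are all assumptions, and the activity log and per-user baselines are constructed.

```python
"""Toy behaviour-driven DLP rule engine (added illustration, not vendor code).

Each event is a dict with the constructed schema:
  user, action (read|copy|delete|email), classification
  (internal|confidential|regulated), bytes, destination, hour (0-23).
"""
from collections import defaultdict
from statistics import mean, pstdev

SENSITIVE = {"confidential", "regulated"}

# Rules: (name, predicate over one event, risk weight, per-event response).
# Weights and responses are assumed values chosen for the example.
RULES = [
    ("copy_regulated_to_removable",
     lambda e: e["action"] == "copy" and e["classification"] == "regulated"
     and e["destination"] == "usb", 60, "block"),
    ("email_sensitive_external",
     lambda e: e["action"] == "email" and e["classification"] in SENSITIVE
     and e["destination"] == "external", 40, "alert"),
    ("after_hours_sensitive_access",
     lambda e: e["classification"] in SENSITIVE and not 7 <= e["hour"] <= 19,
     15, "warn"),
    ("bulk_delete",
     lambda e: e["action"] == "delete" and e["bytes"] >= 1_000_000, 30, "alert"),
]

# Escalation thresholds on the per-user cumulative score (assumed values).
THRESHOLDS = [(80, "lock_out"), (40, "alert"), (15, "warn"), (0, "log")]

# Constructed one-day activity log: alice is normal, bob exfiltrates, carol
# does a large but in-hours delete of non-sensitive data.
EVENTS = [
    {"user": "alice", "action": "read", "classification": "internal",
     "bytes": 20_000, "destination": "local", "hour": 10},
    {"user": "alice", "action": "email", "classification": "confidential",
     "bytes": 300_000, "destination": "internal", "hour": 14},
    {"user": "bob", "action": "copy", "classification": "regulated",
     "bytes": 50_000_000, "destination": "usb", "hour": 22},
    {"user": "bob", "action": "email", "classification": "regulated",
     "bytes": 2_000_000, "destination": "external", "hour": 23},
    {"user": "carol", "action": "delete", "classification": "internal",
     "bytes": 5_000_000, "destination": "local", "hour": 11},
]

# Constructed per-user history of daily byte volume (the behaviour baseline).
BASELINES = {
    "alice": [300_000, 350_000, 280_000],
    "bob": [1_000_000, 1_200_000, 900_000, 1_100_000],
    "carol": [4_000_000, 6_000_000, 5_000_000],
}


def evaluate_event(event):
    """Return (name, weight, response) for every rule the event violates."""
    return [(n, w, r) for n, pred, w, r in RULES if pred(event)]


def volume_anomaly(today_bytes, history, z=3.0):
    """Flag a day whose byte volume is more than z standard deviations above
    the user's own history. With fewer than two history points there is no
    baseline; a flat history is anomalous only if today exceeds it."""
    if len(history) < 2:
        return False
    mu, sigma = mean(history), pstdev(history)
    if sigma == 0:
        return today_bytes > mu
    return (today_bytes - mu) / sigma > z


def decide(score):
    """Map a cumulative risk score to the strongest response it reaches."""
    for threshold, response in THRESHOLDS:
        if score >= threshold:
            return response
    return "log"


def score_users(events, baselines, anomaly_weight=30):
    """Aggregate rule hits plus a volume anomaly into a per-user risk score."""
    users = defaultdict(lambda: {"score": 0, "hits": [], "bytes": 0})
    for e in events:
        u = users[e["user"]]
        u["bytes"] += e["bytes"]
        for name, weight, _response in evaluate_event(e):
            u["score"] += weight
            u["hits"].append(name)
    for name, u in users.items():
        if volume_anomaly(u["bytes"], baselines.get(name, [])):
            u["score"] += anomaly_weight
            u["hits"].append("volume_anomaly")
        u["decision"] = decide(u["score"])
    return dict(users)


if __name__ == "__main__":
    for user, info in score_users(EVENTS, BASELINES).items():
        print(f"{user}: score={info['score']} decision={info['decision']} hits={info['hits']}")
```

Two design points are worth noting. The per-event response (block the USB copy right now) is separate from the per-user escalation (lock bob out once the day's score crosses the threshold), which is what lets the engine both stop a single action and react to a pattern. And the volume anomaly is measured against the user's own history rather than a global average, so carol's 5 MB delete, normal for her, does not trip it while bob's 52 MB day does.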
Insider threats and DLP are now a hot topic at board meetings. This is a positive trend: it gives the board visibility into the risks associated with insider threats and into the urgency of a comprehensive DLP strategy to minimize data exfiltration. A well-thought-out DLP implementation, coupled with transparency and employee training on security and the appropriate use of sensitive data, is the foundation of a successful and effective data loss prevention policy.