What's more of a threat to a company's data security: insiders or outsiders?
Figure 1. Percent of breaches per threat Actor category within Insider and Privilege Misuse2
While many organizations focus their security efforts on their network border, it is the insider that perhaps poses the most risk to cyber-security. Insider threats are classified as those in which maliciously or accidentally do things to put an organization and its data at risk can be many things and come from many angles. From executives to IT administrators to partners, who has authorized access to an organization’s network, system, or data intentionally exceeded or misused that access in a way that negatively affected the confidentiality, integrity, or availability of the organization’s information or information systems. Ponemon Institute reported, over 40% of organizations reported that they had either experienced a data breach or failed a security audit in the last year1.
Trust does not mean giving employees unrestricted and unnecessary access to information
Trust is an essential element to operating any type of organization. People need access to sensitive information and critical systems for many reasons and a level of trust has to be associated with that access. Understanding and managing that trust is the most critical—and difficult—challenge of dealing with insider threats. With the right security controls, organizations can significantly reduce their exposure to the risk of insider threats. The key is to find the right balance between employee enablement and control, while holding employees accountable for their actions. This requires a broad approach to allow an organization to carefully manage its identities, access and data, from identity management, to governance, monitoring, privileged identity management and data protection.
Figure 2. Top Misuse action varieties within Insider and Privilege Misuse2
How can we use technology solutions to better prevent insider threats?
Recent security technologies can reduce the damage of an insider security breach, identify a breach after-the-fact to enable an effective response, or even prevent a breach in the first place. Virtus Technology Indonesia, as part of CTI Group, provides the latest solutions to encounter insider threats.
1. Identity Management and Governance
A significant cause of security breaches is inappropriate entitlements. This can be caused by incorrect initial access rights settings, accumulation of entitlements over time, or even improper access rights for a user that were intentionally set by a rogue collaborating administrator. Entitlement accumulation can result from a lack of maintenance when an employee changes positions (joiner, mover, leaver) and maintains all of his or her old access rights. While incorrect user entitlements primarily increase the risk of insider threats, outsiders can also gain access to those accounts or find unused accounts that make it easier to hide their activities. One frequent mistake many organizations make is not immediately de-provisioning their accounts and removing all access rights when terminating administrators.
A best practice solution is a comprehensive and continuous process to understand which users should have access to which resources, then validating that each user has the appropriate access entitlements on a regular basis.
VTI Solution for Identity Management and Governance: RSA Via Lifecycle and Governance
2. Manage Privileged Users
Privileged accounts have the access needed for a person to view and steal an organization’s most sensitive information, or cause the most damage to critical IT systems. They are also typically shared, with multiple people having access to the same accounts and passwords, resulting in a lack of accountability.
Managing privileged identities requires a multi-pronged approach. In addition to managing shared accounts, additional controls enable accountability for insiders and can limit the damage done by an external attacker that gets access to an administrative account.
VTI Solution for Privileged Access Management: Dell TPAM
3. Multi Factor Authentication
Passwords (one factor authentication) don’t provide adequate security for today’s critical applications and information. Nowadays passwords are easy to break. We need multi factor authentication to protect the credentials.
VTI Solution for Multi Factor Authentication: RSA SecurID
4. Data Protection
Implement data loss prevention (DLP) technology that can be used to protect company data and reduce the chance that an insider can exfiltrate sensitive data at rest, data in use, and data in motion. While mobile, edge devices and BYOD will be protected by Mobile Device Management (MDM).
VTI Solution for Data Protection: Sophos and Trend Micro iDLP ; VMware Airwatch
5. Monitoring
Implementing integrated data monitoring and technologies such as security information and event management (SIEM) systems to identify data usage and unusual and malicious access patterns is critical to maximizing security. While User Behavior Analytics (UBA) delivers insight into the highest risk users and entities—even when credentials are legitimate.
VTI Solution for SIEM and UBA: HPE ArcSight
References
1. The Ponemon Institute, “The Risk of Insider Fraud: Second Annual Study.” February 2013
2. Verizon's 2016 Data Breach Investigations Report (DBIR)
