Information security / Protecting your organisation from insider threats
Protecting your organisation from insider threats
10 June 2019
Steve Armstrong, Regional Director UK, Ireland, and South Africa at Bitglass, considers the unique security challenges posed by insider threats, how the transition to the cloud has made it even harder to protect against them, and what tools are available to help organisations keep their sensitive data secure – wherever it may be.
The traditional focus of IT security has been on keeping external threats out of an organisation. However, there’s recently been a significant rise in the volume and frequency of security breaches caused by disgruntled, careless, or negligent insiders.
Also of interest: Impersonation attacks targeting organisations rose by 70% in 2019
The dangers of insider threats
Insider threats pose a different, yet equally serious threat to organisational security. The biggest challenge for most external threat actors is gaining access to the target organisation, whereas insider threats, by their very definition, already have this.
As a result, nearly all traditional perimeter security defences that an organisation has in place are ineffective against them.
In most cases, threatening insiders are authorised employees or contractors with valid credentials and physical access to organisational buildings, making it much harder for security personnel to protect against them. It’s important to note that not all insider threats are malicious.
Many are simply careless employees who click on harmful email links or attachments without knowing, use unsecured public Wi-Fi, or accidentally leave their laptops in a public place. Regardless of users’ intentions, any resulting data breach can damage an organisation financially and cause reputational harm, as well.
Also of interest: Breaking into the mind of a hacker
A growing issue for cloud-based environments
Unfortunately, evidence suggests that security incidents involving insider threats are on the rise. In a recent survey by Bitglass, more than two thirds (73%) of respondents said that they believed insider attacks had become more frequent over the past year.
Additionally, 59% of respondents said that their own organisations had experienced at least one insider attack in the last 12 months – compared to just 33% the year before. When asked why they thought this was, the top five reasons given were:
1) Insiders have valid credentials (55%)
2) Increased use of unmanaged applications (44%)
3) Data being accessed off premises (44%)
4) More end-user devices susceptible to theft (39%)
5) Data storage moving to the cloud (36%)
Four of these five reasons are related to moving data off premises and into a growing number of mobile devices and cloud-based applications. While the business benefits of such actions are becoming increasingly difficult to ignore, so too are the security risks associated with them.
For instance, as more organisations adopt initiatives such as bring your own device (BYOD), it’s becoming much harder for an organisation to ensure a secure data environment and/or spot compromised devices quickly. Additionally, as the popularity of the cloud continues to grow, the traditional security perimeter has all but disappeared.
Maintaining data security in such an environment requires specialised tools, which many organisations have not adopted. According to Bitglass’ survey, 41% of respondents said that they did not monitor for abnormal behaviour across their cloud footprints, and 19% did not know whether their organisations did or not.
As a result, only around half of respondents were confident that they could detect an insider attack on the same day that it occurred. 14% said it would take them at least three months to do so, if at all.
What can organisations do?
The unpredictability of insider threats, combined with the added complication of cloud environments, means that an integrated, layered solution offers the best defence for organisations. Below are four core components of such a solution:
1) Data Loss Prevention (DLP):
Properly integrated cloud DLP enables employees to work when and where they want, whilst also keeping data secure. A good cloud DLP offering includes file encryption, redaction, watermarking/tracking and other tools to ensure that sensitive data remains protected at all times.
2) Access control and identity management:
Dynamic identity management solutions that integrate with existing systems, manage user access and utilise multi-factor authentication are much more effective than basic password protection.
For example, if a system records an employee logging in from a new country in which they’ve never authenticated, it can alert IT personnel of suspicious behaviour, helping them to secure the account before a breach takes place.
In cloud-based environments, automated security solutions are becoming increasingly crucial – reactive solutions that rely on manual analysis are simply not fast enough.
Fortunately, automated cloud solutions that employ machine learning can identify suspicious behaviour as it is taking place.
For example, if a user suddenly downloads unusually large amounts of data or logs in and accesses data outside of normal working hours, these tools can use an analytical, real-time approach, uncovering anomalous behaviour and taking corrective action as needed.
While technology can be a powerful way to improve an enterprise’s security posture, another effective tools is far simpler. Regular employee training promotes secure business practices and helps minimise the threat of data theft by reinforcing the severity and consequences of theft and misuse – whether said actions are intentional or not.
The growing adoption of remote working initiatives and cloud-based environments has greatly improved the agility and productivity of modern organisations; however, it has also introduced new security issues.
This is particularly true in the case of insider threats. Sadly, many organisations are failing to adapt to these changes in the cyber security landscape.
Fortunately, taking the time to understand modern risks and addressing them through a cloud-first security solution can allow the enterprise to enjoy the cloud’s benefits while simultaneously ensuring that data is safe from insider threats.