The traditional focus of IT security has been on keeping malicious external threats out of an organisation but there has been a significant rise in the volume and frequency of security breaches caused by a different type of threat, namely disgruntled, careless or negligent insiders. Steve Armstrong, Regional Director UK, Ireland and South Africa at Bitglass, tells us about the unique security challenges posed by these insider threats, how the transition to the cloud has made it even harder to protect against them and what tools are available to help organisations keep their sensitive data secure, wherever it may be.
IT security has traditionally been focused on external threats – but what if the threat comes from one of your own, rather than your archetypal stranger? Be it a disgruntled employee or a careless one, insider threats have become a major concern for companies everywhere.
A recent Bitglass survey reported that 59% of organisations had suffered from an insider threat in the past 12 months alone, up from 33% the previous year. The study goes on to list the top five reasons respondents gave for this increase:
- Insiders have valid credentials (55%)
- Increased use of unmanaged applications (44%)
- Data being accessed off premises (44%)
- More end-user devices susceptible to theft (39%)
- Data storage moving to the cloud (36%)
Figures from Verizon’s Insider Threat Report not only support the findings of the Bitglass study but also highlight the variety of reasons why a malicious insider chooses to steal data from his or her employer. According to Verizon’s report, the top motivations over the last year were financial gain at 47.8%, fun at 23.4% and espionage at 14.4%.
This article will assess the unique security challenges posed by insider threats, how the transition to the cloud has made it even harder to protect against them and what tools are available to help organisations keep their sensitive data secure – wherever it may be.
Insider threats are just as serious as those that originate from the outside, but they have one obvious advantage. External attackers face the challenge of gaining access to the target organisation, whereas insiders, by definition, are already in. As a result, nearly all of the traditional perimeter defences an organisation has in place are ineffective against them. It is also important to note that not all insider threats are malicious.
Many are simply careless employees who click on harmful email links or attachments without knowing, use unsecured public Wi-Fi, or accidentally leave their laptops in a public place. Regardless of intentions however, any resulting data breach can damage an organisation financially and cause reputational harm.
It is true that insider threats are, more often than not, authorised employees or contractors with valid credentials and physical access to organisational buildings, which makes them much harder for security personnel to protect against. However, four of the five reasons cited above (80%) relate to data moving off premises, onto a growing number of mobile devices and into cloud-based applications.
The business benefits of adopting initiatives such as bring your own device (BYOD) are difficult to ignore. However they also make it much harder for an organisation to ensure a secure data environment and/or spot compromised devices quickly. Additionally, as the popularity of the cloud continues to grow, the traditional security perimeter has all but disappeared.
Maintaining security in a more flexible working environment like BYOD requires different processes and practices, and many organisations have not put them in place. In fact, 41% of survey respondents confirmed that they do not monitor for abnormal behaviour across their cloud footprints, and a further 19% did not know whether their organisation did or not.
As a result, only around half of respondents were confident that they could detect an insider attack on the same day that it occurred. 14% said it would take them at least three months to do so, if at all.
Four core components of the best defence
Given the unpredictability of insider threats and the added complication of cloud environments, an integrated, layered solution is the best approach to securing against them.
1) Training: Regular employee training promotes secure business practices and helps minimise the threat of data theft by reinforcing the severity and consequences of theft and misuse – whether said actions are intentional or not.
2) Access control and identity management: Dynamic identity management solutions that integrate with existing systems, manage user access and utilise multi-factor authentication are much more effective than basic password protection.
3) Automation: Automated cloud solutions that employ machine learning can identify suspicious behaviour as it takes place. For example, if a user suddenly downloads an unusually large amount of data, or logs in and accesses data outside normal working hours, these tools compare the activity against the user's established baseline in real time, flag the anomaly and take corrective action as needed.
4) Data Loss Prevention (DLP): A good cloud DLP offering includes file encryption, redaction, watermarking/tracking and other tools to ensure that sensitive data remains protected at all times.
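To make the automation component (item 3 above) concrete, the following is an added example of the two checks the article names: an unusually large daily download volume, and a login outside a user's normal hours. It is not Bitglass code and uses no product API; the log format, the user names, the byte counts and the two tuning parameters (`k` standard deviations above the per-user mean, `hour_tolerance` around the login hours seen in the baseline period) are all constructed for illustration. It also handles one failure mode the paragraph does not mention: a user with no baseline at all, who cannot be scored and is surfaced separately instead of silently passing.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log lines in a hypothetical format (not a real product's):
#   <ISO timestamp> <user> <action> <bytes>
# One working week of normal activity used to learn each user's baseline.
BASELINE_LOG = """\
2024-03-04T09:12:00 alice login 0
2024-03-04T09:40:00 alice download 4200000
2024-03-04T14:05:00 alice download 3100000
2024-03-05T08:55:00 alice login 0
2024-03-05T10:20:00 alice download 5000000
2024-03-06T09:05:00 alice login 0
2024-03-06T11:30:00 alice download 3800000
2024-03-07T09:30:00 alice login 0
2024-03-07T15:10:00 alice download 4600000
2024-03-08T09:00:00 alice login 0
2024-03-08T13:45:00 alice download 2900000
2024-03-04T08:30:00 bob login 0
2024-03-04T10:00:00 bob download 1000000
2024-03-05T08:45:00 bob login 0
2024-03-05T11:00:00 bob download 1200000
2024-03-06T08:20:00 bob login 0
2024-03-06T16:00:00 bob download 800000
"""

# Constructed events for the day being scored: alice logs in at 02:00 and pulls
# ~950 MB, bob behaves normally, mallory has never been seen before.
TODAY_LOG = """\
2024-03-11T02:17:00 alice login 0
2024-03-11T02:25:00 alice download 950000000
2024-03-11T08:40:00 bob login 0
2024-03-11T09:30:00 bob download 1300000
2024-03-11T10:00:00 mallory download 500000
"""


def parse_log(text):
    """Parse the constructed log format into event dicts; skip malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, user, action, nbytes = parts
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "action": action, "bytes": int(nbytes)})
    return events


def build_baseline(events):
    """Per user: mean and population stdev of daily download bytes, plus login hours seen."""
    daily = defaultdict(lambda: defaultdict(int))   # user -> date -> bytes
    hours = defaultdict(set)                          # user -> set of login hours
    for e in events:
        if e["action"] == "download":
            daily[e["user"]][e["ts"].date()] += e["bytes"]
        elif e["action"] == "login":
            hours[e["user"]].add(e["ts"].hour)
    baseline = {}
    for user in set(daily) | set(hours):
        totals = list(daily[user].values()) or [0]   # a user who never downloaded still gets a baseline
        baseline[user] = {"mean": mean(totals), "stdev": pstdev(totals),
                          "login_hours": hours[user]}
    return baseline


def detect(baseline, events, k=3.0, hour_tolerance=1):
    """Return (user, kind, detail) alerts for the scored events against the baseline."""
    alerts = []
    unknown = set()
    daily = defaultdict(lambda: defaultdict(int))
    for e in events:
        user, b = e["user"], baseline.get(e["user"])
        if b is None:
            # No history to compare against: surface it rather than silently pass.
            if user not in unknown:
                unknown.add(user)
                alerts.append((user, "no_baseline", f"first activity seen: {e['action']}"))
            continue
        if e["action"] == "login":
            hr = e["ts"].hour
            if not any(abs(hr - h) <= hour_tolerance for h in b["login_hours"]):
                alerts.append((user, "off_hours_login",
                               f"login at {hr:02d}:00, usual hours {sorted(b['login_hours'])}"))
        elif e["action"] == "download":
            daily[user][e["ts"].date()] += e["bytes"]
    for user, days in daily.items():
        b = baseline[user]
        threshold = b["mean"] + k * b["stdev"]    # per-user volume threshold
        for day, total in days.items():
            if total > threshold:
                alerts.append((user, "download_volume",
                               f"{total} bytes on {day}, threshold {threshold:.0f}"))
    return alerts


def run_example():
    """Score TODAY_LOG against the baseline learned from BASELINE_LOG."""
    return detect(build_baseline(parse_log(BASELINE_LOG)), parse_log(TODAY_LOG))


if __name__ == "__main__":
    for user, kind, detail in run_example():
        print(f"ALERT {user:8s} {kind:16s} {detail}")
```

On the constructed data, alice's baseline is roughly 4.7 MB per day with a threshold near 9.2 MB, so the 950 MB pull and the 02:00 login each raise an alert; bob's 1.3 MB day sits inside his threshold of about 1.5 MB and raises nothing; mallory is reported as having no baseline. In practice the baseline window would be longer, the hour check would account for time zones and weekends, and `k` would be tuned per tenant, but the shape of the logic is what a cloud anomaly-detection tool runs at scale.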
The growing adoption of remote working initiatives and cloud-based environments has greatly improved the agility and productivity of modern organisations; however, it has also introduced new security issues. Taking the time to understand modern risks and addressing them through a cloud-first security solution can allow the enterprise to enjoy the cloud’s benefits while simultaneously ensuring that data is safe from insider threats.