Protecting organisations from insider threats - Bitglass

05 Jul 2019

Article by Bitglass Asia Pacific and Japan sales VP David Shephard

The traditional focus of IT security has been on keeping out external threats, but the volume and frequency of security breaches caused by disgruntled, careless or negligent insiders has risen significantly in recent times.

Insider threats pose an equally serious risk to organisational security.

The biggest challenge for most external threat actors is gaining access to a target organisation, but insider threats already have this.

As a result, nearly all traditional perimeter security defences are ineffective against them.

Usually, threatening insiders are authorised employees or contractors with valid credentials and physical access to an organisation’s buildings, making it far more difficult for security personnel to protect against them.

Of course, not all insider threats are malicious.

Many are sparked by careless employees who click on harmful email links or attachments without knowing, use unsecured public Wi-Fi, or accidentally leave their laptops in a public place.

Regardless of users’ intentions, any resulting data breach can damage an organisation financially and cause reputational harm.

Cloudy outlook

Evidence suggests that security incidents involving insider threats are on the rise.

In a recent survey by Bitglass, more than two-thirds (73%) of respondents said they believed insider attacks had become more frequent over the past year.

Additionally, 59% of respondents said their own organisations had experienced at least one insider attack in the past 12 months – compared to just 33% the year before.

When asked why they thought this was, the top five answers were:

1) Insiders have valid credentials (55%)

2) Increased use of unmanaged applications (44%)

3) Data being accessed off premises (44%)

4) More end-user devices susceptible to theft (39%)

5) Data storage moving to the cloud (36%)

Four of these five reasons relate to moving data off premises and into a growing number of mobile devices and cloud-based applications.

While the business benefits of such actions are becoming increasingly difficult to ignore, so are the associated security risks.

For instance, as more organisations adopt initiatives such as bring your own device (BYOD), it’s becoming much harder for an organisation to ensure a secure data environment and/or spot compromised devices quickly.

As the popularity of the cloud multiplies, the traditional security perimeter has all but disappeared.

Maintaining data security in such an environment requires specialised tools, which many organisations have not adopted.

Some 41% of respondents said they didn’t monitor for abnormal behaviour across their cloud footprints, while 19% did not know whether or not their organisations did.

As a result, only around half of respondents were confident they could detect an insider attack on the day it occurred.

14% said it would take them at least three months to do so, if at all.

What can organisations do?

The unpredictability of insider threats, combined with the complication of cloud environments, means that an integrated, layered solution offers the best defence for organisations.

Below are four core components of such a solution:

1) Data Loss Prevention (DLP): Properly integrated cloud DLP enables employees to work when and where they want, while keeping data secure. A good cloud DLP offering includes file encryption, redaction, watermarking/tracking and other tools to ensure that sensitive data remains protected at all times.

2) Access control and identity management: Dynamic identity management solutions that integrate with existing systems, manage user access and utilise multi-factor authentication are much more effective than basic password protection.

For example, if a system records an employee logging in from a country where they’ve never authenticated, it can alert IT personnel to suspicious behaviour, helping to secure the account before a breach takes place.

3) Automation:  In cloud-based environments, automated security solutions are becoming increasingly essential – reactive solutions that rely on manual analysis are not fast enough. Fortunately, automated cloud solutions that employ machine learning can identify suspicious behaviour as it is taking place. 

For example, if a user suddenly downloads unusually large amounts of data or logs in and accesses data outside normal working hours, these tools can use an analytical, real-time approach, uncovering anomalous behaviour and taking corrective action as needed.

4) Training:  While technology can be a powerful way to improve an enterprise’s security posture, another effective tool is far simpler. Regular employee training promotes secure business practices and helps to minimise the threat of data theft by reinforcing the severity and consequences of theft and misuse – whether or not those actions are intentional.
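The behavioural checks described under points 2 and 3 above (a login from a country the user has never authenticated from, an unusually large download, and access outside working hours) can be sketched as follows. This is an added example, not code from the article or from any Bitglass product; it uses fixed rules rather than machine learning, and the event format, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample events (not real logs), in chronological order.
# Fields: user, local timestamp, kind, country code, download size in MB.
EVENTS = [
    ("alice", "2019-07-01T09:00", "login", "NZ", 0),
    ("alice", "2019-07-01T09:30", "download", "NZ", 10),
    ("alice", "2019-07-01T11:00", "download", "NZ", 12),
    ("bob", "2019-07-01T08:45", "login", "AU", 0),
    ("alice", "2019-07-02T10:00", "download", "NZ", 8),
    ("alice", "2019-07-02T14:00", "download", "NZ", 11),
    ("bob", "2019-07-02T08:50", "login", "AU", 0),
    ("alice", "2019-07-03T02:15", "login", "RO", 0),
    ("alice", "2019-07-03T02:20", "download", "RO", 900),
]

def detect(events, work_hours=(8, 18), factor=5, min_history=3):
    """Return (user, timestamp, reason) alerts; thresholds are assumed defaults."""
    seen_countries = defaultdict(set)    # per-user login-country baseline
    download_sizes = defaultdict(list)   # per-user download-size baseline
    alerts = []
    for user, ts, kind, country, size_mb in events:
        when = datetime.fromisoformat(ts)
        if kind == "login":
            known = seen_countries[user]
            # The first login only seeds the baseline; later unseen countries alert.
            if known and country not in known:
                alerts.append((user, ts, "new_country"))
            known.add(country)
        elif kind == "download":
            history = download_sizes[user]
            # Compare against the user's own median once enough history exists.
            if len(history) >= min_history and size_mb > factor * median(history):
                alerts.append((user, ts, "large_download"))
            else:
                history.append(size_mb)  # flagged transfers stay out of the baseline
        # Weekends and hours outside the working window count as off-hours.
        if not (work_hours[0] <= when.hour < work_hours[1]) or when.weekday() >= 5:
            alerts.append((user, ts, "off_hours"))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Several weak signals on the same account within minutes, as in the constructed sample, are a stronger reason to investigate than any single alert.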

The growing adoption of remote working initiatives and cloud-based environments has greatly improved the agility and productivity of modern organisations. 

It has also introduced new security issues. This is particularly true in the case of insider threats.

Many organisations are failing to adapt to these changes in the cybersecurity landscape.

Fortunately, taking the time to understand current risks and addressing them through a cloud-first security solution can allow an enterprise to enjoy the cloud’s benefits while ensuring that its data is safe from insider threats.
