Insider Threats – what can you do?
The threat of employees accidentally giving cyber criminals access sensitive data remains a real problem for organisations. For years the old adage of employees remaining your weakest link has remained true, and a recent report from the Ponemon Institute has backed this up.
The 2020 Global Encryption Trends Study has shown that 54 percent of respondents identified employee mistakes as the top threat to sensitive data, by far the biggest threat with system or process malfunction (31 percent) and hackers (29 percent) following someway behind.
The fact that insider threats remain the biggest area for concern is a real issue. It means that either employees have not fully embraced or learned to take security practices seriously – or, organisations have not effectively communicated the importance of password and identity management.
Additionally, cyber criminals have continued to enhance their armoury to gain access to corporate networks and data sources via lax security – often in the home environment.
The cost of insider threat and data exposure
The importance of protecting data is now so high profile, any loss of data by a major brand or a large organisation is a national story. The public, politicians and regulators now have such a good understanding of the value of data that every company holding data is under huge scrutiny.
The financial cost is bad enough. Again, the Ponemon Institute in its 2018 Cost of Insider Threats study showed that the average cost of an insider-related incident is around £385,000 ($513,000), with insider-related incidents costing companies up to £6.5m ($8.76m) each year. However, the results of a successful data breech because of poor employee security are not just a financial concern.
The introduction of regulations such as GDPR have thrown data security into the spotlight like never before. The public and particularly the media now have a full understanding of its value and the importance of securing it. Therefore, any breach makes front page headlines, causing huge damage to the company, no matter how the data was exposed.
Business owners urgently need solutions that will preserve brand value and customer trust – and defend their organisations against financial losses and costly interruptions.
Communicating the insider threat to employees
Communicating the importance of data and securing it has to be high on an organisation’s agenda, alongside finding technology solutions to combat threats. The key is in how you communicate. Bringing employees along the journey of implementing new technology and highlighting the importance of following security policies is crucial
The amount of resource implemented to combat the threat of malicious outsider threats become a waste of time if your employees are leaving the door open anyway. Buy-in is crucial.
Part of gaining this buy-in is industrialising the process of data protection. Taking away the emphasis on individuals and manual processes and automating data collection and protection is a crucial step to secure employee buy-in.
By emphasising the importance of sticking to security guidelines and being aware of the latest threats and the methods that criminals are using to infiltrate infrastructure, as well as bringing them on the journey of implementing new technology, ensures that employees are more aware of doing the right thing at the right time.
The impact of COVID-19 on insider threats
The impact of the coronavirus is likely to greatly impact the nature of the accidental insider threat. The fact that individual mistakes were happening inside the corporate environment where security was heightened, and the IT/security teams could keep a closer eye on activity means that there was already a high risk from this type of attack.
With huge numbers of staff now working from home, using home networks and routers with often poor firewalls or security protocols has given rise to increasing levels of vulnerability.
Cyber criminals have been swift to capitalise on these vulnerabilities, specifically targeting those working from home with increasingly sophisticated attacks.
Insecure broadband connections, a more relaxed attitude to security practices with individuals more tempted to open links and emails that they might not have in the office, and away from the eyes of the IT department and yet still connected to the corporate infrastructure, all means that this is a vulnerable moment for many companies. Additionally, other householders are also a part of the home network and as such can fall victim to these same threats.
It is this accidental insider threat that is so difficult to deal with, especially away from the corporate environment. With the working from home trend very likely to remain after the threat from COVID-19 fades away, companies have to work out better security practices that incorporate the challenges working from home brings.
Again, automating the process of data protection will help with the working from home trend, but securing buy-in from employees remains critical.
Don’t just tick the regulatory boxes, be secure
The regulatory landscape around data is an increasingly complex one. The introduction of GDPR is a great example of where regulations are being introduced to combat the threat of data breaches. It is also a good example of how companies are rushing to ensure that they adhere to such regulations. The sheer panic caused by GDPR with companies rushing to tick the boxes of adherence was there for all to see.
However, companies should not be thinking “are we compliant” but rather they should be asking “are we secure?”. There is a difference, regulations cannot be introduced at the speed criminals can implement new, sophisticated technology to gain access. By being compliant you are only as secure as the threat was at the time the regulations were drawn up; it is likely the criminal is already two or three steps ahead.
Being proactive and ensuring best practice security measures are introduced, over and above the regulatory requirements, means that the threat of the accidental insider actions are somewhat nulled, whilst preparing organisations for future regulations.
We are living through unprecedented times, but as we have seen this seems to act as an incentive for cyber criminals to up their activity. This, alongside, more employees than ever working at home, away from corporate environments, means companies have to be on the front foot. Being proactive in their approach, ensuring that employees are fully brought in, whilst industrialising data processes and security will be crucial over the coming months.
Your Insider Threat Toolkit
There are a number of solutions that can immediately help you and your employees mitigate against accidental insider threats. Northdoor have the experience and expertise to deliver these solutions and more:
QRadar from IBM helps security teams accurately detect and prioritise threats across the enterprise. Working with Northdoor security experts, the Qradar solution actively detects threats across distributed networks.
Northdoor’s specialist security team can help you use QRadar to gain centralised insights across users, endpoints, clouds, applications, and networks. QRadar’s analytics engine uses a range of analytics to identify abnormal behaviour and anomalous activity that indicate known and unknown threats – including accidental insider threat activity.
Northdoor can provide comprehensive advice and security expertise to help you evaluate QRadar for your cyber threat detection needs.
IBM Cloud Pack for Security from Northdoor detects threats across hybrid and multicloud environments
If your business operates a hybrid or multicloud architecture, IBM Cloud Pak for Security can help you to reduce the time, cost and complexity of protecting your platforms, including AWS, Azure and IBM Cloud. And by partnering with Northdoor, you can dramatically cut the time required to deploy IBM Cloud Pak for Security.
Northdoor can help you deploy IBM Cloud Pak for Security anywhere: on-premises or on the cloud platform of your choice. And with a managed OpenShift platform from IBM, your business can gain the peace of mind that the solution won’t divert your IT experts from their value-added work.
To take the first step to a more secure hybrid or multicloud architecture, click here to arrange a consultation with Northdoor today.
Identity and Access Management solutions from Northdoor and IBM actively manage and mitigate insider threats by initiating the right safeguards to keep your most valuable information protected.
With virtually unparalleled identity and access management (IAM) and data security expertise, we can provide the benefits of a trusted advisor to augment your security staff.
Backed by IBM with their IBM X-Force® command centres and Northdoor’s managed security service consultants, we can offer the insight and IAM security experience to help you evaluate and implement an IAM solution to suit your distributed work-from-home environment.
If you are feeling exposed to accidental insider threat, or you want to secure your data with increased levels of access management get in touch today. Our data security consultants will be able to help you evaluate the solution for your business, and they will quickly guide you through deployment and configuration of IBM Security Verify so you can get hands-on experience.
Right now, Northdoor are offering a fully guided free trial of IBM’s Security Verify Identity and Access Management solution, so act now to take advantage of this offer.