Protecting Your Company’s Data Against Insider Threats

Perhaps because of their incredible scope or their shocking prevalence, data breaches are creating a lot of general interest. It seems that a new event happens every week, and even though companies rightly fear an attack from an external source, internal threats pose a hidden risk, accounting for a substantial number of data breaches.

While we hear about major incidents in the media, the truth is that no business is immune from the danger of insider threats. Fortunately, companies are quickly recognising this new dynamic.

According to a recent report by CA Technologies, 90% of organisations feel vulnerable to insider attacks. Indeed, the financial impact, the loss of core intellectual property (IP), and the damage to brand reputation are cascading problems that can shake the very foundation of any SME.

However, since insiders, including employees, suppliers, and partners, are already in the organisation’s trusted network, standard cybersecurity measures usually designed to defend against outside attacks aren’t adequate to protect the organisation from these accidental or malicious “enemies within.”
 
Therefore, organisations need to look into user activity and behavior monitoring and adopt a user-behavior-driven data loss prevention strategy to effectively defend against insider threats. Here are ten tips to develop an insider threat prevention strategy:

1. Implement a Risk Assessment Methodology

When it comes to data security, operating without a plan is most certainly planning to fail. In today’s digital environment where data breaches and leaks are uncomfortably common, every organisation needs a holistic approach to data security.

In other words, the only way to effectively protect data is to analyse and evaluate every aspect of a company’s data landscape and to adopt a methodology for continually assessing the risk protection strategies already in place.

This includes identifying vulnerable assets and weak access points, while also observing risk trends and reducing the opportunities for failure.

While implementing a risk assessment methodology requires an all-in approach from the entire organisation, implementing the right technology, like comprehensive employee monitoring software, can be the natural next step to identify and prevent a devastating data loss event.

2. Monitor Employee Activity and Respond to Suspicious Behavior

Advances in machine learning and other ancillary technologies allow companies to establish user profiles so that abnormal behavior can be identified and investigated.

For example, frequent late shifts, printing more documents than normal, or copying substantial amounts of data from external drives can be an indication of possible malicious behavior.

Of course, other, more subtle activity can be a red flag as well. Powerful employee monitoring software equipped with Optical Character Recognition (OCR) and context analysis capabilities can detect employees researching topics related to hacking, an uptick in complaints or angry sentiments expressed through internet chats, or a sudden decline in work-related activities. These signals can all serve as precursors to an intention to steal data.

While these behaviors may not necessarily indicate a data breach, they could mean everything for early detection, and they are worthy of response and investigation.
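The per-user profiling described in this tip can be sketched as follows. This is an added example, not code from the article or from any monitoring product; the activity records, metric names, and thresholds are constructed assumptions. Each user is scored against their own history using the median and median absolute deviation, so one unusual day in the baseline does not distort the profile.

```python
from statistics import median

# Constructed sample data: one tuple per past working day, per user:
# (pages printed, MB copied from external drives, after-hours logins).
HISTORY = {
    "alice": [(12, 40, 0), (9, 55, 0), (15, 35, 1), (11, 60, 0),
              (10, 45, 0), (14, 50, 0), (13, 38, 0)],
    "bob":   [(0, 0, 2), (0, 0, 3), (0, 0, 2), (0, 0, 2),
              (0, 0, 3), (0, 0, 2), (0, 0, 2)],  # bob routinely works late
}
METRICS = ("pages_printed", "mb_copied_external", "after_hours_logins")
# Assumed minimum spread per metric, so a perfectly flat baseline (MAD = 0)
# does not turn a one-unit change into an alert.
MIN_SCALE = (5.0, 20.0, 1.0)
THRESHOLD = 3.5  # assumed cut-off on the robust z-score

def baseline(days):
    """Return a (median, scale) pair per metric from a user's history."""
    profile = []
    for i, floor in enumerate(MIN_SCALE):
        values = [day[i] for day in days]
        med = median(values)
        mad = median(abs(v - med) for v in values)
        # 1.4826 * MAD approximates a standard deviation for normal data.
        profile.append((med, max(1.4826 * mad, floor)))
    return profile

def score_day(user, today, history=HISTORY, min_days=5):
    """Return {metric: score} for metrics far above the user's own norm."""
    days = history.get(user, [])
    if len(days) < min_days:
        # Too little history to judge; surface that instead of guessing.
        return {"insufficient_baseline": float(len(days))}
    flagged = {}
    for name, value, (med, scale) in zip(METRICS, today, baseline(days)):
        z = (value - med) / scale
        if z > THRESHOLD:
            flagged[name] = round(z, 1)
    return flagged

if __name__ == "__main__":
    print(score_day("alice", (14, 900, 0)))  # unusually large copy
    print(score_day("alice", (12, 45, 4)))   # late logins, unusual for alice
    print(score_day("bob", (0, 0, 4)))       # same count, normal for bob
```

A flag here is a prompt for investigation, not a verdict: the same four after-hours logins are anomalous for one user and routine for another.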

3. Collect and Save Data for Forensic Examination

When a data loss event does occur, companies need to understand what happened so that they can improve their practices and seal the security holes.

In short, there is both an educational and a deterrence component to data security, and both require digital forensics.  

Therefore, recording sessions when employees access sensitive information, maintaining logs of data access, and sustaining digital activity trails can equip IT admins with the investigative capabilities necessary to evaluate the threat and to fortify protocols to prevent it from happening again.

4. Minimise the Threat by Limiting Access to Safe Resources

The internet is an expansive ecosystem with a myriad of websites and apps that, taken together, represent both an opportunity and a threat to organizations striving to protect their data.

To limit their exposure, companies should define and implement a whitelist of websites and apps that are useful and a blacklist of those that are dangerous. Moreover, for the inevitable gray area between the white and black lists, IT admins should be notified when unknown apps are being accessed so that they can evaluate the use and take action if necessary.
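A minimal sketch of that three-way decision, added here as an illustration and not taken from the article or any product: hosts on the blacklist are blocked, hosts on the whitelist are allowed, and everything else goes into a review queue for IT admins. The list contents and function names are assumptions. Matching is done on whole domain labels, so a subdomain of a listed site inherits its verdict while a look-alike name does not.

```python
# Constructed example lists; the entries are illustrative only.
WHITELIST = {"intranet.example.com", "docs.example.com"}
BLACKLIST = {"dropbox.com", "drive.google.com"}

def normalise(host):
    """Lower-case the host and drop whitespace and a trailing root dot."""
    return host.strip().rstrip(".").lower()

def _matches(host, entries):
    """True if host equals an entry or is a subdomain of it.

    The leading dot forces a label boundary: 'www.dropbox.com' matches
    'dropbox.com', but 'notdropbox.com' does not.
    """
    return any(host == e or host.endswith("." + e) for e in entries)

def classify(host):
    """Return 'block', 'allow', or 'review' for a destination host."""
    host = normalise(host)
    if _matches(host, BLACKLIST):   # the blacklist wins if both lists match
        return "block"
    if _matches(host, WHITELIST):
        return "allow"
    return "review"                 # gray area: notify IT admins

def triage(requests):
    """Classify (user, host) pairs.

    Returns the per-request decisions and a review queue that maps each
    unknown host to the set of users who accessed it, so admins receive
    one item per unknown host instead of one per request.
    """
    decisions, review_queue = [], {}
    for user, host in requests:
        clean = normalise(host)
        verdict = classify(clean)
        decisions.append((user, clean, verdict))
        if verdict == "review":
            review_queue.setdefault(clean, set()).add(user)
    return decisions, review_queue

if __name__ == "__main__":
    sample = [("alice", "docs.example.com"), ("bob", "WWW.Dropbox.com."),
              ("bob", "notdropbox.com"), ("carol", "notdropbox.com")]
    print(triage(sample))
```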

5. Classify Sensitive Data and Implement Perimeter Rules

Not all data is created equal, and some data is more sensitive than others. More importantly, not all employees need to have access to all the organization’s data. Classify sensitive data as such, and limit access to employees who actually need that information.

In a very real way, employees should be on a need-to-know basis, and today’s software can ensure that they only have access to what they need to see. Perhaps more importantly, sensitive data can be protected with additional security measures like tagging and fingerprinting that can, among other features, stop users from sharing secure data.

6. Automate Security Policies to Take Proactive Action

Whether they act maliciously or accidentally, employees can quickly compromise their company’s data. Fortunately, by deploying the right software, any organisation can automate policies that proactively prevent this from happening.

For instance, it’s possible to prevent employees from opening PDFs from unknown email senders and to block the upload of company files to personal storage sites like Dropbox or Google Drive.

As a best practice protocol, companies should implement privileged user monitoring to maintain extra vigilance and scrutiny for administrators and other privileged users, ensuring that they don’t create new system rules, open backdoor accounts, increase their system privileges, access sensitive personal information, or edit configuration or system files.  

7. Implement Third-Party Vendor Monitoring

Maintaining a modern IT infrastructure frequently involves providing third-party vendors with network access, which can compromise user data. According to a 2018 study by the Ponemon Institute, more than half of companies that experienced a data breach attribute the cause to a third-party vendor.

The ability to access system preferences allows external vendors to steal company data as well as damage IT infrastructure, but monitoring third-party vendors can protect against inappropriate data use or theft. In addition, companies can suspend a vendor’s credentials, so that they cannot access the network unless they are actively working on a project.  

Collaborating with third-party vendors may be a veritable necessity of the digital age, but that doesn’t mean that sensitive data needs to be compromised in the process.

8. Establish Compliance and Security Standards

In today’s regulatory environment, data loss isn’t just an existential threat; it’s a practical problem with legal and financial consequences. The implementation of Europe’s comprehensive GDPR legislation, the medical sector’s HIPAA guidelines, and other forthcoming regulations significantly raises the stakes for data protection.

Identifying and examining the protocols in these regulations can yield helpful strategies for preventing data loss, while simultaneously ensuring that companies remain compliant with their increasingly stringent demands.

9. Integrate DLP and SIEMs for Better Coverage

When examining a company’s network infrastructure, it’s critical to attain as much security coverage as possible. Therefore, choose a solution that provides a unified insider detection and data loss prevention feature set.

A responsive, real-time DLP framework that seamlessly integrates with SIEMs provides centralized insight into data management protocols and offers real-time alert management for complete security coverage.

10. Train & Educate Employees, Contractors, and Suppliers

Ultimately, data protection is a priority that requires consistent training and retraining to be effective. Although it may look different for each company, outlining the boundaries with a comprehensive Acceptable Use Policy is a natural next step.

Best practice guides, business etiquette initiatives, and onboarding training can reinforce and reproduce company values. When combined with instructive technology that provides on-time warning messages and behavior-shaping monitoring tools, companies can create a dynamic learning environment that educates their workforce on the practice and priority of data security.

In today’s data landscape it’s more important than ever for companies to protect against the insider threats lurking within their companies. To be sure, this starts with hiring the right people who support and adopt the organisation’s data security mindset.

Implementing the right policies and integrating the right technologies can make all the difference. Comprehensive employee monitoring software is the place to start, providing valuable metrics and instituting guidelines to protect against internal threats.

IT Security Central:
