CIO

The Secret to Protecting Against Insider Threats

By Tim Macdermid, Area Vice President, APAC at MarkLogic

Data breaches continue to devastate organisations, and the threat from insiders, whether malicious or accidental, continues to grow as the value and volume of data grow.

Despite increasing awareness and spending, the problem with data security is getting worse. The Crowd Research Partners' 2017 Threat Monitoring, Detection and Response report shows that more than half of cybersecurity professionals have seen a growth in insider threats over the last year. 

With an insider threat, the culprit is already inside the network. This means that securing the network perimeter (which has long been the focus for enterprise security) simply doesn’t do enough to keep these threats at bay.

 The secret to truly protecting against insider threats lies with greater data-level protection. This is particularly true for any business making the move into the cloud, as cloud-based IT services are often staffed by non-employees who manage service platforms beyond the control and visibility of the organisation.  

 In order to safely manage your data and reduce the risk of insider threats, companies should focus on three areas: 

1.   The Data Dilemma - While data-smart companies increasingly need to give partners, suppliers and contractors access inside their networks to increase business opportunities, you don't want everybody to have access to all data. For instance, a contractor working to deploy a human resources solution may be allowed access to aggregate information about employees but not to individuals' personal details.

 This is why you need a database that offers granular level access control to ensure that employees only have the privileges necessary to do their jobs — and nothing else.

 Then there are the types of database security measures that act on the data. For example, encryption technologies require people to have encryption keys to unlock data.

There is also redaction, which allows companies to hide sensitive data whilst safely making relevant data available. For enterprises to truly wring business intelligence out of their data, they also need to trust that the right people are seeing the right data to protect IP and remain compliant with industry regulations. This brings us to point #2.

2.   Big Data Rules - In the past, security detection was limited to looking for patterns in network-centric data. Now, all data on servers and in databases can be monitored and audited to provide a richer set of detection opportunities. This, however, does require good data governance: for example, knowing where data came from, when, how and if it was changed, and by whom. Being able to validate the data and metadata together (such as data origin, quality, owner, geolocation, etc.) creates new opportunities to detect security anomalies.

3.   Awareness Training - Employee negligence remains the number one cause of most insider security events, as reported in CSO's 2017 U.S. State of Cybercrime survey. According to the survey, 28% of insider security incidents were unintentional or accidental, 18% were intentional, and 8% resulted from theft of insider credentials.

 What this boils down to is that employees can compromise sensitive data all too easily, most often without even intending to, through negligence or just plain carelessness. So while it should be made clear that employees can do their part in simple ways such as backing up computers and keeping security systems up to date, more can and should be done to regularly educate staff.

 Employees need to ‘buy into’ the idea that security is important. Educate them on the value of company data, on different types of data, what's shareable and what's not, and why access controls are critical. Anyone can relate to the pain and cost of having their identity stolen.
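An added illustration of points 1 and 2 above (not from the original article and not MarkLogic code): a minimal Python sketch of field-level access control with redaction, aggregate-only access for a contractor role, and an audit record of every access decision. The roles, field names, sample records and the small-group suppression threshold are assumptions constructed for the example.

```python
import re
from statistics import mean

# Constructed sample HR records (not real data).
EMPLOYEES = [
    {"id": 1, "name": "A. Nguyen", "dept": "Finance", "salary": 98000, "tax_id": "123-45-6789"},
    {"id": 2, "name": "B. Patel", "dept": "Finance", "salary": 104000, "tax_id": "987-65-4321"},
    {"id": 3, "name": "C. Lee", "dept": "IT", "salary": 91000, "tax_id": "555-12-3456"},
]
# Hypothetical policy: may the role read individual rows, which fields come
# back in clear, and which come back redacted. Unlisted fields are dropped.
POLICY = {
    "hr_admin": {"rows": True, "clear": {"id", "name", "dept", "salary"}, "redact": {"tax_id"}},
    "contractor": {"rows": False, "clear": set(), "redact": set()},
}
AUDIT = []  # every access decision: who, what, which target, allowed or not

def redact(value):
    """Mask every digit except those in the last four characters."""
    text = str(value)
    return re.sub(r"\d", "#", text[:-4]) + text[-4:]

def read_record(role, emp_id):
    """Return one employee row filtered by the role's field-level policy."""
    rule = POLICY.get(role)  # unknown roles get no access (default deny)
    allowed = bool(rule and rule["rows"])
    AUDIT.append({"role": role, "action": "read_record", "target": emp_id, "allowed": allowed})
    if not allowed:
        raise PermissionError(f"{role} may not read individual records")
    row = next(e for e in EMPLOYEES if e["id"] == emp_id)
    view = {k: v for k, v in row.items() if k in rule["clear"]}
    view.update({k: redact(v) for k, v in row.items() if k in rule["redact"]})
    return view

def dept_summary(role, min_group=2):
    """Aggregate view for any known role; groups smaller than min_group are
    suppressed because an 'average' over one person is that person's salary."""
    allowed = role in POLICY
    AUDIT.append({"role": role, "action": "dept_summary", "target": "*", "allowed": allowed})
    if not allowed:
        raise PermissionError(f"unknown role {role}")
    groups = {}
    for e in EMPLOYEES:
        groups.setdefault(e["dept"], []).append(e["salary"])
    return {d: ({"headcount": len(s), "mean_salary": mean(s)} if len(s) >= min_group else None)
            for d, s in groups.items()}

if __name__ == "__main__":
    print(read_record("hr_admin", 1))
    print(dept_summary("contractor"))
    print([a for a in AUDIT if not a["allowed"]])
```

The denied entries in `AUDIT` are the kind of data-level signal point 2 describes: a contractor role repeatedly attempting `read_record` is visible here even though nothing unusual appears at the network perimeter.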

It’s clear that organisations today need better data security. However, in the quest for better security, it’s important to the business to still maintain data sharing, and not just lock everything down. 

 The secret to protecting against insider threats is having the right data-level protections in place to ensure the right portions of data are accessible and shareable with those inside and outside the company. With data security controls in place, it’s possible to prevent a lot of the common security issues from happening in the first place.