Data breaches continue to devastate organizations, and the threat from insiders — whether malicious or accidental — continues to grow as the value and volume of data expands at near breakneck speed.
The latest research from Verizon showed that internal actors contributed to 25% of data breaches, and other research has shown insider threats to be on the rise, with more than half of cybersecurity professionals reporting growth in insider threats over last year, according to Crowd Research Partners' 2017 Threat Monitoring, Detection and Response report (registration required).
None of this is surprising. Enterprises are accumulating ever-more data for business intelligence. They're sharing more data with partners, suppliers, customers, and cloud providers, and they're linking more data to more applications, mobile and otherwise. This activity is the lifeblood of a robust economy and expanding Internet of Things ecosystem, but it also creates more opportunities for increasingly sophisticated cyber attacks and security breaches.
Not Just an Inside Job
With an insider threat, the culprit is already inside the network. Securing the perimeter around the network — which has long been the focus for enterprise security — does not do the job against this kind of a threat, whether it is malicious or unintentional. Nor is focusing on securing the perimeter the best strategy against many external threats. That's because data-smart companies want to be able to safely give partners, suppliers, and customers access to their networks in order to increase business opportunities.
As a result of this shift, security needs to rest with the data itself, not just at the network level. The move to the cloud elevates the need for data-level protection. To reduce the risk of insider threats, companies and organizations need to focus on three areas:
Hurdle 1: The Data
Connected enterprises need and want approved partners inside their networks, but they don't want everybody to have access to all data. As a result, database technologies today offer flexible and granular access controls to ensure that employees only have the privileges necessary to do their jobs — and nothing else. For instance, someone in Human Resources may be allowed to access work-related salary information but not personal information such as an employee's home address.
Other types of database security measures also can act directly on data. Encryption technologies require people to have encryption keys to unlock data. Redaction enables companies to hide sensitive data, but share other, related data. For instance, if a patient is enrolled in a clinical trial, data about how that patient reacts to a drug can be shared, but the patient's personal identified information is not.
All of these tools improve data-level security. But for enterprises to really wring business intelligence out of their data, they also need to trust their data. This requires good data governance: knowing where data came from, when, how and if it was changed, and by whom. With security at the data level, inside actors face another hurdle.
Hurdle 2: Awareness Training
Employee negligence remains the number one cause of most insider security events, concluded CSO's 2017 U.S. State of Cybercrime survey. All told, 28% of insider security incidents were unintentional or accidental, 18% were intentional, and 8% resulted from theft of insider credentials, according to the survey. In healthcare, the 2017 KPMG Cyber Healthcare & Life Sciences Survey of 100 senior executives reported that a full 55% of organizations have seen employees fall prey to phishing scams. All of this points to a need for better education.
Companies vary in how and how often they train, but the key factor is that employees need to buy into the idea that security is important. Educate them on the value of company data, on different types of data, what's shareable and what's not, and why access controls are critical. Remind employees that downed networks and lost data affect business reputations, which may hinder future opportunities. Anyone can relate to the pain and cost of having their identity stolen. A company is similarly vulnerable.
Hurdle 3: Executive Buy-in
Executives set the tone for how important something really is to a particular organization. Are executives investing in security and training? Do they talk about security with employees and with board members? Despite the importance of data security in healthcare, KMPG's survey found that more than one-third of healthcare organizations don't even have a CISO, and 6 in 10 boards see cyber-risks as an IT problem as opposed to an issue that has a universal impact.
Hurdle 4: The Promise of Big Data
In the past, security detection was limited to looking for patterns in network-centric data. Now, we have data on servers and in databases, all of which can be monitored and audited to provide a richer set of detection opportunities. Metadata — data about data, such as data origin, quality, owner, geolocation — creates new opportunities for security anomaly detection. Combine all that data with big data compute power and you have another tool to detect breaches or, better yet, stop them before they get that far.
- 7 SIEM Situations That Can Sack Security Teams
- Ransomware Will Target Backups: 4 Ways to Protect Your Data
- GoT & the Inside Threat: Compromised Insiders Make Powerful Adversaries
Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.