
Perimeter

10/6/2017
10:30 AM
Tom Thomassen
Commentary

Rise in Insider Threats Drives Shift to Training, Data-Level Security

As the value and volume of data grows, perimeter security is not enough to battle internal or external threats.

Data breaches continue to devastate organizations, and the threat from insiders — whether malicious or accidental — continues to grow as the value and volume of data expands at near breakneck speed.

The latest research from Verizon showed that internal actors contributed to 25% of data breaches, and other research has shown insider threats to be on the rise, with more than half of cybersecurity professionals reporting growth in insider threats over last year, according to Crowd Research Partners' 2017 Threat Monitoring, Detection and Response report (registration required). 

None of this is surprising. Enterprises are accumulating ever-more data for business intelligence. They're sharing more data with partners, suppliers, customers, and cloud providers, and they're linking more data to more applications, mobile and otherwise. This activity is the lifeblood of a robust economy and expanding Internet of Things ecosystem, but it also creates more opportunities for increasingly sophisticated cyber attacks and security breaches.

Not Just an Inside Job
With an insider threat, the culprit is already inside the network. Securing the perimeter around the network — which has long been the focus for enterprise security — does not do the job against this kind of a threat, whether it is malicious or unintentional. Nor is focusing on securing the perimeter the best strategy against many external threats. That's because data-smart companies want to be able to safely give partners, suppliers, and customers access to their networks in order to increase business opportunities.

As a result of this shift, security needs to rest with the data itself, not just at the network level. The move to the cloud elevates the need for data-level protection. To reduce the risk of insider threats, companies and organizations need to focus on three areas:

Hurdle 1: The Data
Connected enterprises need and want approved partners inside their networks, but they don't want everybody to have access to all data. As a result, database technologies today offer flexible and granular access controls to ensure that employees only have the privileges necessary to do their jobs — and nothing else. For instance, someone in Human Resources may be allowed to access work-related salary information but not personal information such as an employee's home address.

Other types of database security measures also can act directly on data. Encryption technologies require people to have encryption keys to unlock data. Redaction enables companies to hide sensitive data but share other, related data. For instance, if a patient is enrolled in a clinical trial, data about how that patient reacts to a drug can be shared, but the patient's personally identifiable information is not.

All of these tools improve data-level security. But for enterprises to really wring business intelligence out of their data, they also need to trust their data. This requires good data governance: knowing where data came from, when, how and if it was changed, and by whom. With security at the data level, inside actors face another hurdle.
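The three data-level controls this section describes (column-level grants scoped to a role, redaction of identifying fields before sharing, and a provenance record of who changed what and when) can be shown together in a few dozen lines. The following is an added example written for this page; it is not code from the article, from Dark Reading or from MarkLogic. The role names, tables, column sets and sample rows are all constructed for illustration.

```python
"""Added example: role-scoped column grants, redaction for sharing, and a
provenance log, in the style of the data-level security the article describes.
Roles, tables and rows are constructed; none of this is product code."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Any

# Constructed sample tables (not real data).
TABLES: dict[str, list[dict[str, Any]]] = {
    "employees": [
        {"id": 1, "name": "A. Example", "salary": 91000, "home_address": "1 Sample St"},
        {"id": 2, "name": "B. Example", "salary": 64000, "home_address": "2 Sample Ave"},
    ],
    "trial": [
        {"patient_id": "P-001", "name": "Pat Doe", "dob": "1970-01-01", "drug": "X-1", "response": "improved"},
        {"patient_id": "P-002", "name": "Sam Roe", "dob": "1985-05-05", "drug": "X-1", "response": "no change"},
    ],
}
KEYS = {"employees": "id", "trial": "patient_id"}

# Column-level grants per role (assumed role names). A role absent from a
# table has no access to it; a column absent from "read" is never returned;
# only columns listed under "write" may be changed.
GRANTS: dict[str, dict[str, dict[str, set[str]]]] = {
    "hr_compensation": {"employees": {"read": {"id", "name", "salary"}, "write": {"salary"}}},
    "hr_benefits": {"employees": {"read": {"id", "name", "home_address"}, "write": set()}},
    "trial_analyst": {"trial": {"read": {"patient_id", "name", "dob", "drug", "response"}, "write": {"response"}}},
}

# Redaction for external sharing: identifying columns are replaced with a
# marker; the drug response itself is shared intact.
REDACT = {"trial": {"name": "[REDACTED]", "dob": "[REDACTED]"}}


class AccessDenied(PermissionError):
    pass


@dataclass(frozen=True)
class ProvenanceEvent:
    when: datetime
    actor: str
    table: str
    key: Any
    column: str
    old: Any
    new: Any


PROVENANCE: list[ProvenanceEvent] = []


def _grant(role: str, table: str) -> dict[str, set[str]]:
    try:
        return GRANTS[role][table]
    except KeyError:
        raise AccessDenied(f"role {role!r} has no access to {table!r}") from None


def read(role: str, table: str) -> list[dict[str, Any]]:
    """Return the table projected onto the columns the role may read."""
    allowed = _grant(role, table)["read"]
    return [{c: v for c, v in row.items() if c in allowed} for row in TABLES[table]]


def share_redacted(table: str) -> list[dict[str, Any]]:
    """Copy of the table with identifying columns masked for external sharing."""
    masks = REDACT.get(table, {})
    return [{c: masks.get(c, v) for c, v in row.items()} for row in TABLES[table]]


def update(actor: str, role: str, table: str, key: Any, column: str, new: Any) -> ProvenanceEvent:
    """Change one cell if the role may write that column, and record provenance."""
    if column not in _grant(role, table)["write"]:
        raise AccessDenied(f"role {role!r} may not write {table}.{column}")
    for row in TABLES[table]:
        if row[KEYS[table]] == key:
            event = ProvenanceEvent(datetime.now(timezone.utc), actor, table, key, column, row[column], new)
            row[column] = new
            PROVENANCE.append(event)
            return event
    raise KeyError(key)


def history(table: str, key: Any) -> list[ProvenanceEvent]:
    """Who changed which column of this record, when, and from what to what."""
    return [e for e in PROVENANCE if e.table == table and e.key == key]


if __name__ == "__main__":
    print(read("hr_compensation", "employees"))   # salary visible, home address absent
    print(share_redacted("trial"))                 # responses kept, name and DOB masked
    update("alice", "hr_compensation", "employees", 1, "salary", 95000)
    print(history("employees", 1))                 # one event: alice, salary, 91000 -> 95000
```

The point of keeping `read`, `share_redacted` and `update` as separate functions is that each control answers a different question: projection limits what a role can see, redaction limits what leaves the organisation, and the provenance log is what makes the retained data trustworthy afterwards. In a real deployment these would be the database's own grants, redaction rules and audit log rather than an in-process dictionary.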

Hurdle 2: Awareness Training
Employee negligence remains the number one cause of most insider security events, concluded CSO's 2017 U.S. State of Cybercrime survey. All told, 28% of insider security incidents were unintentional or accidental, 18% were intentional, and 8% resulted from theft of insider credentials, according to the survey. In healthcare, the 2017 KPMG Cyber Healthcare & Life Sciences Survey of 100 senior executives reported that a full 55% of organizations have seen employees fall prey to phishing scams. All of this points to a need for better education.

Companies vary in how and how often they train, but the key factor is that employees need to buy into the idea that security is important. Educate them on the value of company data, on different types of data, what's shareable and what's not, and why access controls are critical. Remind employees that downed networks and lost data affect business reputations, which may hinder future opportunities. Anyone can relate to the pain and cost of having their identity stolen. A company is similarly vulnerable.

Hurdle 3: Executive Buy-in
Executives set the tone for how important something really is to a particular organization. Are executives investing in security and training? Do they talk about security with employees and with board members? Despite the importance of data security in healthcare, KPMG's survey found that more than one-third of healthcare organizations don't even have a CISO, and 6 in 10 boards see cyber-risks as an IT problem as opposed to an issue that has a universal impact.

Hurdle 4: The Promise of Big Data
In the past, security detection was limited to looking for patterns in network-centric data. Now, we have data on servers and in databases, all of which can be monitored and audited to provide a richer set of detection opportunities. Metadata — data about data, such as data origin, quality, owner, geolocation — creates new opportunities for security anomaly detection. Combine all that data with big data compute power and you have another tool to detect breaches or, better yet, stop them before they get that far.
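To make the metadata point concrete, here is an added example (not from the article or from any vendor) of the kind of per-user profiling a database audit feed makes possible. It builds a baseline from a known-good window of audit events that carry the data's owner and origin and the client's geolocation, then flags later events that break the profile: a new geolocation, a table the user has never touched, or a daily access volume well above the user's norm. The audit records, user names, tables and the spike factor are all constructed for this illustration.

```python
"""Added example: profile-based anomaly detection over database audit events
that carry data metadata (owner, origin) and client geolocation. The log
lines, users and thresholds are constructed; this is not product code."""
import json
from collections import Counter, defaultdict

# Constructed audit events (JSON lines) from a known-good baseline window.
BASELINE_LOG = """
{"ts":"2017-09-01T09:12:00Z","user":"dana","action":"read","table":"orders","owner":"sales","origin":"erp","geo":"US"}
{"ts":"2017-09-01T11:40:00Z","user":"dana","action":"read","table":"orders","owner":"sales","origin":"erp","geo":"US"}
{"ts":"2017-09-02T09:05:00Z","user":"dana","action":"read","table":"orders","owner":"sales","origin":"erp","geo":"US"}
{"ts":"2017-09-02T14:22:00Z","user":"dana","action":"read","table":"orders","owner":"sales","origin":"erp","geo":"US"}
{"ts":"2017-09-01T10:00:00Z","user":"eli","action":"read","table":"hr_records","owner":"hr","origin":"hcm","geo":"DE"}
{"ts":"2017-09-02T10:03:00Z","user":"eli","action":"read","table":"hr_records","owner":"hr","origin":"hcm","geo":"DE"}
"""

# Constructed events from a later window that the detector scores.
NEW_LOG = """
{"ts":"2017-09-05T09:01:00Z","user":"dana","action":"read","table":"orders","owner":"sales","origin":"erp","geo":"US"}
{"ts":"2017-09-05T09:30:00Z","user":"dana","action":"read","table":"orders","owner":"sales","origin":"erp","geo":"US"}
{"ts":"2017-09-05T23:48:00Z","user":"dana","action":"read","table":"hr_records","owner":"hr","origin":"hcm","geo":"RO"}
{"ts":"2017-09-05T10:00:00Z","user":"eli","action":"read","table":"hr_records","owner":"hr","origin":"hcm","geo":"DE"}
{"ts":"2017-09-05T10:01:00Z","user":"eli","action":"read","table":"hr_records","owner":"hr","origin":"hcm","geo":"DE"}
{"ts":"2017-09-05T10:02:00Z","user":"eli","action":"read","table":"hr_records","owner":"hr","origin":"hcm","geo":"DE"}
{"ts":"2017-09-05T10:03:00Z","user":"eli","action":"read","table":"hr_records","owner":"hr","origin":"hcm","geo":"DE"}
"""

SPIKE_FACTOR = 3  # assumed threshold: flag a day with > 3x the user's average volume


def parse(log: str) -> list[dict]:
    """Parse JSON-lines audit output into event dicts, skipping blank lines."""
    return [json.loads(line) for line in log.strip().splitlines() if line.strip()]


def build_baseline(events: list[dict]) -> dict[str, dict]:
    """Per-user profile: tables touched, client geolocations seen, average
    events per day over the baseline window."""
    raw = defaultdict(lambda: {"tables": set(), "geos": set(), "daily": Counter()})
    for e in events:
        p = raw[e["user"]]
        p["tables"].add(e["table"])
        p["geos"].add(e["geo"])
        p["daily"][e["ts"][:10]] += 1          # day part of the ISO timestamp
    return {
        user: {
            "tables": p["tables"],
            "geos": p["geos"],
            "avg_per_day": sum(p["daily"].values()) / len(p["daily"]),
        }
        for user, p in raw.items()
    }


def detect(baseline: dict[str, dict], events: list[dict]) -> list[tuple[str, str, str]]:
    """Return (user, reason, detail) findings for events that break the profile."""
    findings: list[tuple[str, str, str]] = []
    daily: Counter = Counter()
    for e in events:
        user = e["user"]
        profile = baseline.get(user)
        if profile is None:
            findings.append((user, "unknown_user", f"{e['action']} {e['table']} from {e['geo']}"))
            continue
        if e["geo"] not in profile["geos"]:
            findings.append((user, "new_geo", e["geo"]))
        if e["table"] not in profile["tables"]:
            # Owner and origin metadata travel with the finding so an analyst
            # sees whose data was touched and which system it came from.
            findings.append((user, "new_table", f"{e['table']} (owner {e['owner']}, origin {e['origin']})"))
        daily[(user, e["ts"][:10])] += 1
    for (user, day), n in daily.items():
        avg = baseline[user]["avg_per_day"]
        if n > SPIKE_FACTOR * avg:
            findings.append((user, "volume_spike", f"{n} events on {day} vs avg {avg:.1f}"))
    return findings


if __name__ == "__main__":
    for finding in detect(build_baseline(parse(BASELINE_LOG)), parse(NEW_LOG)):
        print(finding)
```

Two design points are worth noting. The baseline is built only from a window the team has already reviewed, since an attacker who is active during the profiling period would otherwise be baked into the norm; and the volume check is per user and per day rather than global, so a high-volume service account does not mask a quiet analyst who suddenly pulls far more than usual.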


Tom Thomassen is a senior staff engineer of security at MarkLogic. He is responsible for helping identify and implement secure development practices into the company engineering process, educating the team on security best practices, monitoring and responding to changes in ...
Comments
hykerfred, User Rank: Apprentice
10/10/2017 | 7:19:25 AM
Strong end-to-end data life cycle encryption
A complicating issue that you briefly touch upon is about data ownership. When partners share data, how do you maintain control? Or if you are part of a system of systems, like e.g. a smart city application, where you provide data "upwards" in the system hierarchy, but you still want to control it so that it doesn't leak to your competitors "sideways"? Or you want to have different pricing on specific data elements depending on usage and users in this ecosystem of systems?

I strongly believe in encryption as the mechanism that needs to be fully implemented, as you point out. A good granular and distributed encryption model that can handle the complicated key sharing needed can also solve many of the other issues I mention.
REISEN1955, User Rank: Ninja
10/9/2017 | 3:08:24 PM
Human Resource
The rules of an HR department share in this --- and some departments interface badly with the IT sector. In a position I left in July of this year, I still had access to email (potentially everything) for about 2 weeks. The insider threat is very real when it comes to terminated employees, who find any number of reasons to take whatever they can before being walked out of the door. And HR policies can be awful. When someone is fired or let go, RULES should come into effect RIGHT THEN AND THERE. Inventory clean up, preservation of data, legal hold, and elimination of login and access rights WITHIN 30 MIN if possible.
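The gap the comment above describes, an account that stays enabled for weeks after the person has left, is easy to check for if the HR termination feed and the directory export can be joined on a user identifier. The following is an added example (not the commenter's code and not tied to any HR or directory product): it flags every terminated user whose account is still enabled once a grace window has passed, and notes whether the account was used after the termination time. The 30-minute window comes from the comment; the feed format, field names and sample records are constructed for illustration.

```python
"""Added example: reconcile an HR termination feed against a directory
export and flag accounts still enabled past a grace window. Field names,
records and the feed shapes are constructed, not any product's format."""
from datetime import datetime, timedelta, timezone

GRACE = timedelta(minutes=30)  # window taken from the comment above

# Constructed HR feed: who was terminated and when (UTC).
TERMINATIONS = [
    {"user": "jsmith", "terminated_at": "2017-07-14T16:00:00Z"},
    {"user": "mlee", "terminated_at": "2017-07-14T16:00:00Z"},
]

# Constructed directory export: account state and last successful login.
ACCOUNTS = [
    {"user": "jsmith", "enabled": True, "last_login": "2017-07-20T08:11:00Z"},
    {"user": "mlee", "enabled": False, "last_login": "2017-07-14T15:40:00Z"},
    {"user": "kdoe", "enabled": True, "last_login": "2017-07-20T09:00:00Z"},
]


def _ts(value: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def overdue_deprovisioning(terminations, accounts, now: datetime, grace: timedelta = GRACE) -> list[dict]:
    """Terminated users whose account is still enabled after `grace` has
    elapsed, with how far overdue removal is and whether the account was
    used after the termination time."""
    by_user = {a["user"]: a for a in accounts}
    findings = []
    for t in terminations:
        acct = by_user.get(t["user"])
        if acct is None or not acct["enabled"]:
            continue                      # already gone or already disabled
        term = _ts(t["terminated_at"])
        if now - term > grace:
            findings.append({
                "user": t["user"],
                "overdue_by": now - term - grace,
                "used_after_termination": _ts(acct["last_login"]) > term,
            })
    return findings


if __name__ == "__main__":
    for f in overdue_deprovisioning(TERMINATIONS, ACCOUNTS, datetime.now(timezone.utc)):
        print(f)
```

Run on a schedule with the current time, this turns the comment's "within 30 minutes" rule into something measurable: the `overdue_by` value is the backlog, and `used_after_termination` separates a dormant leftover account from one that was actually exercised after the person left, which is the case that needs an incident ticket rather than a cleanup task.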