[BreachExchange] Why internal endpoints are a quick win in the fight against data theft

Audrey McNeil audrey at riskbasedsecurity.com
Wed Mar 30 19:55:07 EDT 2016


http://www.information-age.com/technology/security/123461171/why-internal-endpoints-are-quick-win-fight-against-data-theft

For all the disruption they caused at the time, the hack attacks on
TalkTalk, Target, Ashley Madison, and JD Wetherspoon in the latter half of
2015 have focused executives’ minds on cyber risks like never before.

In the aftermath, the brands affected were falling over each other to
explain the steps they were taking to ensure it never happened again.
Investments in cyber security - often viewed as an expensive overhead -
were suddenly a source of pride; hitherto onerous data protection
regulations became a safe refuge in the face of increasing public scrutiny.

This is very encouraging, but their focus could be too far-sighted. There
is a grave danger that organisations are channelling resources towards
mitigating external threats, while neglecting the risks that come from
within.

The dangers of this became clear in February, when a former employee of
Ofcom was caught attempting to pass confidential data to his new employers.
That the data was passed to another business and not to a ‘dark net’
download site is immaterial - sensitive information was compromised, as a
consequence of which Ofcom found itself apologising to the very
broadcasters and media organisations it is supposed to police.

Ofcom’s case is by no means isolated. Internal risks - from disgruntled
staff or mislaid devices - are as significant a risk to data protection as
external hackers (in yellow).

Like external threats, organisations’ approaches to mitigating internal
risks have been patchy, with overzealousness in some areas masking
lassitude elsewhere. Most firms, for example, have rigorous password
protocols.

However, how many continually adjust and refine employees’ access to
applications and data as their roles change - so people only have access to
what their job requires?

Manage the endpoints, and the risks will manage themselves

This patchwork leads to a confusing mass of information and intelligence -
which makes building a clear picture of the organisation’s security posture
and vulnerabilities difficult and time-consuming.

In a world where data from a stolen device could be somewhere for sale on
the dark net within minutes, the ability to monitor - and act - in
real-time is crucial. To put it another way, organisations must build a
‘single source of truth’ covering all of their end-points including
desktops, laptops, smartphones and tablets.

Mitigating internal threats in this environment revolves around the ability
to do three things very well:

Account for the location of employer-owned devices

Offering flexible working carries with it the implicit trust that employees
will safeguard their devices and data. Endpoint security technology can add
a further layer of reassurance, by tracking the location of these devices
and triggering an alarm should the device be lost or stolen.

Detect and mitigate suspicious behaviour

As night follows day, attempts by an employee to circumvent corporate IT
security technologies (like firewalls or encryption) leave an
organisation with security vulnerabilities.

In these circumstances, administrators need to monitor and manage end
users and their devices in real-time, if necessary pushing out updates for
out-of-date security software or switching on encryption even when it’s a
remote user off the corporate network.

Provide a thorough audit trail

Data is everything when organisations are reassuring staff and customers
after a security breach. What is more, regulators increasingly demand it. The
ability to compile a detailed narrative for each incident is vital not just
for forensic purposes. It could just be what saves the organisation’s
reputation.

Broader benefits

There’s more to endpoint security than tracking down errant data and
catching out careless staff. The single source of truth on endpoints can
start paying for itself almost immediately, in the form of improved IT
asset management.

Organisations have long been paying for far more software licenses than
they actually need in order to avoid even heavier penalties from vendors.
Endpoint security tools help firms ensure they only buy licenses which they
know will be used.

And, when an employee has finished using a particular app, for example when
they are promoted, IT administrators can easily re-allocate the licence to
whoever takes over their job.

Intelligence is everything

If there is one learning from the security breaches of the past year, it is
that nobody can consider themselves immune to attack. And, while external
threats are more challenging to mitigate (as well as generating more column
inches), the actions of staff within the organisation are just as dangerous.

By building a single source of the truth about the status, location and
content of their devices, IT teams will chalk up a quick win for ensuring
the unthinkable doesn’t happen for some time to come.