[BreachExchange] Insider threat: Employees at the heart of companies' data security
Audrey McNeil
audrey at riskbasedsecurity.com
Tue Aug 1 19:42:09 EDT 2017
https://www.scmagazineuk.com/insider-threat-employees-at-
the-heart-of-companies-data-security/article/675949/
The business impact of data breaches is spiralling. The average cost of a
UK company's information loss reached a record high of £2.53 million last
year. What's more, for the first time a report has claimed to be able to
measure the impact cyber-breaches have on companies' share prices: on
average, a company's value permanently drops by 1.8 percent following a
major breach (*). However, whilst businesses concern themselves with the
damage hackers or outside malicious attackers could cause, another issue to
consider is the rise of remote working and how employees treat company data
when not in an office environment.
It is well-known that the traditional workplace is no longer. Flexible
work options are becoming the new norm. Maintel's recent study found 65 per
cent of respondents are now confident requesting to work remotely and 60
per cent believe technology can replace human interaction in the office.
However, working remotely raises the risk of critical data being misplaced
by well-meaning employees. Two thirds (66 percent) of workers do not worry
about the safety of company data when working remotely. Does this imply
sensitive information is unlikely to be protected properly? How do
companies find the right balance between adapting to agile work practices
and keeping company data safe?
To prevent the insider threat and protect data, companies have a
responsibility to educate their employees and provide secure methods to
communicate and share confidential information outside of the office. There
is a wider need to help staff appreciate the damage seemingly innocent
activity, like logging on to emails on a personal device, could do. IT and
HR teams should work together to hold interactive training series,
demonstrating, for example, how hackers could exploit one compromised email
account to access the company's entire ecosystem. These sessions should be
re-enforced with clear compliance guidelines for staff to follow.
Organisations must also give employees the tools to keep data safe in the
first place and take as much of the process for security management out of
their hands as possible. To do so, companies should put in place an
overarching solution to protect data accessed at every location. Protection
mechanisms should now go beyond traditional firewalls and focus on the
end-user's devices. A cloud and software-based solution is ideal for this,
pushing programmes onto any given device and ensuring updates are
automatic. Deploying inline security that inspects end-user traffic across
multiple security techniques and containerised tools will also mean
employees have a secure way to keep in touch with colleagues via their own
devices on the move. Such an approach will mean firms can be assured that
their data is secure without causing too much disruption to productivity.
Moving into the future, and with increasing numbers of people working
remotely, analytics software will also play a large role in keeping data
safe. Through collecting and analysing data, firms can provide a
cyber-threat assessment and identify where an attack has originated, or
work out if a specific device is malicious or not part of the authorised
network before gaining access. By being able to ensure all devices on the
network are authenticated and safe, working remotely will become much more
data-protection friendly.
Being able to dynamically compute the risk of every object online with both
users and their devices is key for IT leaders to be comfortable while
enabling secure flexible working. And being able to provide accurate
analysis and appropriate communication of security metrics to the board of
directors is a critical component of the cyber-risk reduction process by IT
and security executives.
Whilst employees can be complacent about data security, business leaders
cannot afford to be. Firms need to evaluate their security procedures
around flexible working now, before it leads to a damaging data breach
which costs the company's bottom line. Putting processes in place will not
only protect the company, but also enable firms to continue to evolve their
flexible work policies in support of today's changing workforce.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170801/01421af2/attachment.html>
More information about the BreachExchange
mailing list