[BreachExchange] 5 Ways to Improve Insider Threat Prevention

Audrey McNeil audrey at riskbasedsecurity.com
Thu Mar 15 18:57:28 EDT 2018


https://www.databreachtoday.com/blogs/5-ways-to-improve-insider-threat-prevention-p-2602

If you browsed the latest security headlines, you'd probably think the
majority of data breaches were related to hackers, political activists,
malware or phishing. While the latter two hint at it, the truth is that
nearly half of all data breaches can be traced back to insiders in some
capacity.

While we recently examined the rise of the politically motivated insider,
the truth is that most incidents are traced back to employees who are just
negligent or unaware, whether it's accidentally emailing customer data to
an external party or clicking a phishing link.

Most "mistakes" come from negligent insiders. Unfortunately, these insiders
are often the hardest to identify. With no malicious intent, these
employees are just trying to be productive and independent, which sometimes
leads them to circumvent IT, download insecure apps or mistakenly click
that phishing link.

The ways that insiders put data at risk are always changing. A combination
of education and technology is the best approach to detecting and
remediating negligent user behavior. While security training is pretty
standard these days for new employees, it's not uncommon for most
organizations to forget to build in reminders or to update training over
time. Employees may simply forget they aren't supposed to email data or use
open Wi-Fi networks.

Insider Threat Prevention Requires Visibility

With the explosion of cloud storage, SaaS and the growth in IoT, OT and IoT
devices, there are now more ways than ever for data to be inappropriately
shared, making it difficult to be 100 percent certain where company data
and sensitive information may end up.

While I expect big things to come out of intent-based security, machine
learning and AI, we don't need to look to future technology to solve all of
today's problems with insiders. We'll never shore up all the cracks in data
security, but we can most definitely improve on the status quo. Here are
five critical steps:

1. Watch the movement of data. You need to be able to watch for the
movement of critically important internal and customer data as it traverses
within (and outside) your environment. Most organizations are solid on
network monitoring but lack control and visibility over data as it moves onto
devices or into the cloud.
2. Monitor for Shadow IT. Look for applications and tools that have not
been approved or vetted by your IT and security teams for use. While
blocking all non-approved apps and tools could clamp down on productivity,
it is critical to have plans in place when these apps may compromise
sensitive data.
3. Address endpoint security. Ensure the physical security of your employee
devices and the corporate data stored on those devices.
4. Have a solid asset management solution. Such a solution gives you the
capability to immediately respond to a lost or stolen device, closing the
window of opportunity for an attacker to capitalize on the data or network
access associated with a stolen device.
5. Choose strong security layers. Back up your asset management solution
with full disk encryption, anti-virus and a VPN to minimize access to a
device and the data it contains.

Threats posed to your organization's data aren't always going to be
malicious, but the risks they pose are serious and real. Being able to
understand the multitude of ways that data can be stolen and what those
threats look like is critical to building a resilient enterprise that puts
the protection of your and your customers' data first.