Are You Prepared to Combat Insider Threats?

Combat insider threatsInsider threats exist everywhere and are tricky to detect and deter.  Privileged users can pose a greater threat to your business than hackers, since they already have access to your critical business data.  If a user has legitimate access to sensitive data, that person may accidentally or deliberately share it with unauthorized people inside and outside of your business. Trying to differentiate legitimate data sharing and malicious activity is difficult.

Users need to share sensitive documents with colleagues, business partners and customers regularly. Technology makes it easy to share massive amounts of confidential data with a click or tap through email, file synch and share services or portable media. If a user regularly accesses sensitive information for her job, how do you stop that person from leaking that data to unauthorized people?

Privileged users access sensitive data in databases, on file shares and in ECMs or other content repositories to do their jobs.  If a sales person downloads sensitive data from a CRM system and has it locally in a spreadsheet, how do you stop him or her from sending it to a competitor?  What if you need to share that data with a business partner, but need to control further distribution?

These are challenges, since people need sensitive information to do their jobs, but you need to control who can access the information and what they can do with it.

You need a way to discover, classify and protect sensitive data as you create it. The Fasoo Data Security Framework classifies information based on what you deem sensitive and protects the data by encrypting files as you create them on the desktop, localize them from databases or download them from information systems.  This is the easiest way to ensure you are in control of sensitive data.

Dynamic security policies apply permission controls that grant or deny users the right to View, Edit, Copy, Paste, Print or Decrypt files.  Since roles and responsibilities are always changing, you can change security policy to meet your new business requirements after you distribute files.  You can even automatically adjust security policy based on changed content within a file.  For example, if you have a file that is for all internal employees, but you add social security numbers to it, you need to increase the security to limit access because of the sensitive nature of what’s inside.

Understanding usage patterns of your sensitive information helps you determine behavioral anomalies that could indicate an insider threat.  If normal behavior for a person is to print a few files a day, but all of a sudden they are printing hundreds, they may be stealing sensitive information.  Alerting someone to this event can prevent a possible data breach.

Combating insider threats can be challenging, but your best defense is to protect and control confidential data at the source so it is secured at rest, in motion and while in use regardless of device, storage technology, storage location, and application.

 

Photo credit Eugene Kim

Leave a Reply