When most people think about cyber security, they immediately think about hackers and other external threats. This is understandable, since most of the headlines in the news focus on external sources. While external threats are a problem, internal threats by privileged users can pose as great a threat, if not greater, to a company’s business.
A recent Insider Threat Report, sponsored by Fasoo, highlights the magnitude of insider threats and the damage they can wreak. The report concluded that threats are growing, stopping them is getting more difficult and that organizations must take a comprehensive approach to solve the problem. Based on the input from over 500 cyber security professionals, the Insider Threat Report provides hard data on the realities of insider threats and what organizations are doing to prevent, detect and remediate these threats.
Here are some key findings:
- Privileged users with access to sensitive information pose the biggest insider threat to organizations.
- 62 percent of security professionals say insider threats have become more frequent in the last 12 months, but only 34 percent expect the additional budget to address the problem.
- Fewer than 50 percent of organizations have appropriate controls to prevent insider attacks.
- 62 percent of respondents say that insider attacks are far more difficult to detect and prevent than external attacks.
- 38 percent of respondents estimate remediation cost to reach up to $500,000 per insider attack.
- 64 percent of respondents find it difficult to estimate the damage of a successful insider attack.
With all these dizzying statistics, it’s no wonder that executives and security professionals are finally taking a hard look at how to mitigate the risk of insider threats.
Stealing intellectual property and copying information from file servers are two of the biggest areas of vulnerability according to the report. Most intellectual property is in documents, whether it’s a drawing for a new product, the details of a drug study, or the proprietary formula for Coca-Cola. Protecting those documents and the information inside them is where companies need to focus their efforts.
When all our intellectual property was on paper, it was simpler to protect. With everything in digital format, the vulnerabilities are multiplying as more users share documents through internal file servers and external file sync and share services. Since many internal users need access to these servers, preventing an authorized user from accessing confidential information is difficult. If the user regularly accesses that information for her job, how do you stop that person from doing something malicious with it? Exposure to human error is amplified as a result of improvements in technologies that facilitate instantaneous sharing of massive amounts of confidential data.
A lot of the organizations who responded to the survey said they monitor human behavior to try to mitigate the risk of insider threats. Unfortunately, a lot of that is just activity logging so it won’t stop the problem from happening. The best way to protect your intellectual property is to take the human out of the equation. Don’t rely on people to protect the documents. Lock the documents automatically as soon as someone creates them.
By encrypting documents and applying persistent security policies to them automatically, intellectual property and other confidential and sensitive information is protected. If an insider tried to pass the information along to a trusted confederate on the outside, the outsider couldn’t access the information. If you suspect the insider of stealing information, you can easily kill access to any documents they have access to.
Every organization needs to rethink how to protect its most valuable data. Protecting it with data-centric security ensures that it’s always safe no matter where it goes.