
Tag: dynamic security policies

Combat insider threats

Insider threats exist everywhere and are tricky to detect and deter. Privileged users can pose a greater threat to your business than hackers, since they already have access to your critical business data. If a user has legitimate access to sensitive data, that person may accidentally or deliberately share it with unauthorized people inside and outside of your business. Differentiating between legitimate data sharing and malicious activity is difficult.

Users need to share sensitive documents with colleagues, business partners and customers regularly. Technology makes it easy to share massive amounts of confidential data with a click or tap through email, file sync and share services or portable media. If a user regularly accesses sensitive information for her job, how do you stop that person from leaking that data to unauthorized people?

Privileged users access sensitive data in databases, on file shares and in ECMs or other content repositories to do their jobs. If a salesperson downloads sensitive data from a CRM system and has it locally in a spreadsheet, how do you stop him or her from sending it to a competitor? What if you need to share that data with a business partner, but need to control further distribution?

These are challenges, since people need sensitive information to do their jobs, but you need to control who can access the information and what they can do with it.

You need a way to discover, classify and protect sensitive data as you create it. The Fasoo Data Security Framework classifies information based on what you deem sensitive and protects the data by encrypting files as you create them on the desktop, localize them from databases or download them from information systems.  This is the easiest way to ensure you are in control of sensitive data.

Dynamic security policies apply permission controls that grant or deny users the right to View, Edit, Copy, Paste, Print or Decrypt files.  Since roles and responsibilities are always changing, you can change security policy to meet your new business requirements after you distribute files.  You can even automatically adjust security policy based on changed content within a file.  For example, if you have a file that is for all internal employees, but you add social security numbers to it, you need to increase the security to limit access because of the sensitive nature of what’s inside.
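The content-driven policy change described above, sketched as an added example (this is not Fasoo's code or API). The policy labels, group names and function names are hypothetical; only the six permission names come from the post.

```python
import re

# Permission names are the six listed in the post.
PERMISSIONS = frozenset({"View", "Edit", "Copy", "Paste", "Print", "Decrypt"})

# Dashed SSN form AAA-GG-SSSS, excluding ranges that are never issued
# (area 000, 666, 900-999; group 00; serial 0000).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Hypothetical policies: group name -> permissions granted to that group.
POLICIES = {
    "internal": {"all-employees": {"View", "Edit", "Copy", "Paste", "Print"}},
    "restricted": {"hr-payroll": {"View", "Edit"}},
}

def classify(text):
    """Return the policy label that the current content calls for."""
    return "restricted" if SSN_RE.search(text) else "internal"

def is_allowed(label, groups, action):
    """Default deny: allowed only if one of the user's groups grants the action."""
    if action not in PERMISSIONS:
        raise ValueError(f"unknown permission: {action}")
    grants = POLICIES[label]
    return any(action in grants.get(g, set()) for g in groups)

def check_access(text, groups, action):
    """Re-derive the policy from the content as it is now, then decide."""
    return is_allowed(classify(text), groups, action)

# Constructed sample content; the SSN is a made-up value.
BEFORE = "Benefits FAQ for all staff. Helpdesk: 555-123-4567."
AFTER = BEFORE + "\nJane Roe, SSN 123-45-6789"

if __name__ == "__main__":
    for name, doc in (("before", BEFORE), ("after", AFTER)):
        print(name, classify(doc),
              "| employee Print:", check_access(doc, ["all-employees"], "Print"),
              "| HR View:", check_access(doc, ["all-employees", "hr-payroll"], "View"))
```

Because the decision is recomputed from the content on every request, copies already distributed under the looser policy lose Print and Copy as soon as the sensitive data appears in them.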

Understanding usage patterns of your sensitive information helps you determine behavioral anomalies that could indicate an insider threat.  If normal behavior for a person is to print a few files a day, but all of a sudden they are printing hundreds, they may be stealing sensitive information.  Alerting someone to this event can prevent a possible data breach.
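One way to turn the print-volume example above into a detection rule, as an added example rather than anything from the original post or the product. The event format, thresholds and sample data are constructed assumptions; the baseline uses median and median absolute deviation so a single spike does not distort later comparisons.

```python
from collections import defaultdict
from statistics import median

# Constructed daily print counts per user (not real audit data).
DAILY = {
    "alice": [3, 2, 4, 3, 2, 3, 4, 300],
    "bob":   [1, 2, 1, 3, 2, 1, 2, 2],
}
# Expand into audit events: (ISO date, user, action). Dates are constructed.
EVENTS = [(f"2016-01-{d + 1:02d}", user, "Print")
          for user, counts in DAILY.items()
          for d, n in enumerate(counts) for _ in range(n)]
EVENTS.append(("2016-01-08", "bob", "View"))  # other actions are ignored

def daily_counts(events, action="Print"):
    """Count events of one action per user per day."""
    counts = defaultdict(lambda: defaultdict(int))
    for day, user, act in events:
        if act == action:
            counts[user][day] += 1
    return counts

def find_anomalies(events, min_history=5, k=6.0, floor=20):
    """Flag days where a user's print count far exceeds their own baseline.

    Baseline is the median of the user's earlier active days; spread is the
    median absolute deviation (MAD). `floor` keeps low-volume users from
    alerting on small changes. Days with no prints are absent from history.
    """
    alerts = []
    for user, per_day in daily_counts(events).items():
        days = sorted(per_day)
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]
            if len(history) < min_history:
                continue  # not enough data to call anything abnormal
            med = median(history)
            mad = median(abs(x - med) for x in history)
            threshold = max(floor, med + k * max(mad, 1.0))
            if per_day[day] > threshold:
                alerts.append((user, day, per_day[day], med))
    return alerts

if __name__ == "__main__":
    for user, day, count, baseline in find_anomalies(EVENTS):
        print(f"ALERT {user} printed {count} files on {day} (baseline {baseline}/day)")
```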

Combating insider threats can be challenging, but your best defense is to protect and control confidential data at the source so it is secured at rest, in motion and while in use regardless of device, storage technology, storage location, and application.

 

Photo credit Eugene Kim

Financial Crime Goes Big In 2015

Whether people claim that 2015 was the year of the data breach or not, it’s clear that we saw major data breaches in financial institutions through external attacks, insider threats or exploiting serious vulnerabilities in systems. Many incidents stemmed from a lack of IT security basics, such as disabling default passwords and accounts, or from simple implementation errors.

There were a number of incidents in financial institutions in 2015 that showcased how dangerous both external hackers and motivated or careless insiders can be.  As Fahmida Rashid says in her article on Innovative and Damaging Hacks in 2015, people intent on stealing data and money are becoming more sophisticated in their attacks.  Rather than just targeting consumer information, thieves are going after systems or data that are more lucrative.  The Carbanak advanced persistent threat (APT) attack against financial institutions around the world was a good example of targeting banks’ internal systems and operations that may have caused as much as $1 billion in losses.

There were also increases in phishing campaigns where attackers sent email that appeared to be legitimate asking for bank account information or to validate a transaction.  If the recipient blindly clicked on a link or provided information without validating authenticity, they could be out of a lot of money.

While external attackers still pose the biggest threat to financial organizations, 2015 showed insiders can cause damage as well.  Earlier this year, a former employee of Morgan Stanley pleaded guilty to stealing confidential data from more than 700,000 customer accounts while he was interviewing for a new job with two competitors.  External attackers target insiders who already have access to sensitive data. Encryption, dynamic security policies that travel with data, and robust multifactor authentication controls are some of the defenses financial institutions should consider to ensure that unauthorized individuals can’t read anything they shouldn’t be allowed to see.

It’s clear from looking at the attacks and breaches in 2015 that all the perimeter-based IT security implemented at financial organizations is not stopping the problem. Implementing the basics of security best practices is the first place to start. Next is to protect what people want to steal: data. Having access to sensitive data is what criminals want so they can sell it or use it to steal big from financial institutions and their customers.

 

Photo credit elhombredenegro
