Did you have coffee with the hacker this morning?

April 26, 2016 - 5 minutes read

Your organization likely spends many resources preventing external breaches and takes the necessary measures to ensure that your company’s data is protected. However, have you considered whether you are in fact having coffee with the hacker every morning…?

Organizations tend to forget that almost half of data losses are the result of internal breaches, half of which are intentional criminal acts and the rest a consequence of human error (figure 1).

Handling data while at the same time protecting privacy is a crucial ingredient for success in today’s business environment. How do we acknowledge these facts and minimize internal breaches without increasing distrust and monitoring our employees’ every move?

Intentional breaches

A survey from Clearswift recently revealed that one third of employees are willing to sell company data for the right price. Again: one out of three! Of course organizations have legal measures to ensure that employees act ethically, but business processes rely heavily on trust that confidentiality will be kept.

The intentional breaches are often committed by employees with easy access to critical company data and companies usually don’t have sufficient measures implemented to ensure restricted access. So how can you achieve a balance between providing your employees freedom to operate, while still monitoring and detecting suspicious behavior?

Implementing a solution that recognizes patterns and detects unusual behavior is a great starting point. Let’s say that an employee in the marketing department with a consistent workflow starts accessing files within research and development. Often there will be a natural explanation, but if the employee simultaneously uploads large amounts of data via Dropbox, one might expect that something is wrong. A SIEM solution can assist in detecting unusual behavior like this and can provide your company with a holistic view of data flows and analysis.
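The correlation described above, sketched as an added example that is not part of the original article or of any SIEM product: an access outside a user's usual area only raises an alert when large cloud uploads follow within a time window. The event fields, user names, one-hour window and 500 MiB threshold are assumptions, and the log events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)          # assumed correlation window
UPLOAD_THRESHOLD = 500 * 1024**2     # assumed threshold: 500 MiB per window
CLOUD_STORAGE = {"dropbox.com"}      # assumed watchlist of upload destinations

# Baseline: areas each user normally works in (constructed).
BASELINE = {"alice": {"marketing"}, "bob": {"rnd"}, "carol": {"marketing"}}

# Constructed sample events, as a SIEM might normalise file-server and proxy logs.
EVENTS = [
    {"ts": "2016-04-26T09:02", "type": "file_access", "user": "alice", "area": "marketing"},
    {"ts": "2016-04-26T09:10", "type": "file_access", "user": "carol", "area": "rnd"},
    {"ts": "2016-04-26T10:15", "type": "file_access", "user": "alice", "area": "rnd"},
    {"ts": "2016-04-26T10:20", "type": "upload", "user": "alice", "dest": "dropbox.com", "bytes": 400 * 1024**2},
    {"ts": "2016-04-26T10:40", "type": "upload", "user": "alice", "dest": "dropbox.com", "bytes": 300 * 1024**2},
    {"ts": "2016-04-26T11:00", "type": "upload", "user": "bob", "dest": "dropbox.com", "bytes": 900 * 1024**2},
    {"ts": "2016-04-26T15:30", "type": "upload", "user": "carol", "dest": "dropbox.com", "bytes": 800 * 1024**2},
]

def correlate(events, baseline):
    """Return alerts for users whose out-of-baseline file access is followed,
    within WINDOW, by cloud uploads totalling more than UPLOAD_THRESHOLD."""
    parsed = sorted(({**e, "ts": datetime.fromisoformat(e["ts"])} for e in events),
                    key=lambda e: e["ts"])
    alerts = []
    for ev in parsed:
        if ev["type"] != "file_access" or ev["area"] in baseline.get(ev["user"], set()):
            continue  # access inside the user's normal workflow: no anomaly
        total = sum(
            u["bytes"] for u in parsed
            if u["type"] == "upload" and u["user"] == ev["user"]
            and u["dest"] in CLOUD_STORAGE
            and ev["ts"] <= u["ts"] <= ev["ts"] + WINDOW
        )
        if total > UPLOAD_THRESHOLD:  # unusual access AND large upload together
            alerts.append({"user": ev["user"], "area": ev["area"],
                           "time": ev["ts"].isoformat(timespec="minutes"),
                           "uploaded_bytes": total})
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS, BASELINE):
        print(alert)
```

Only alice is flagged: carol's out-of-area access has no upload inside the window, and bob's large upload follows no unusual access, which keeps the rule from alerting on either signal alone.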

A recent report from Intel Security shows that the most common format of stolen data is regular documents. Due to the electronic handling of sensitive corporate documents, stealing data is no longer associated with tiptoeing towards the copying machine around midnight. It is as easy as using a USB stick or sending an e-mail, but these actions all leave a digital footprint. This digital footprint enables your SIEM solution to detect a potential breach and make the management team aware of the possible malicious activity.

Accidental breaches

Even though half of data breaches are internal, as mentioned, around 50 percent of these are not a result of greed, but rather of employees’ ignorance of the implications of certain actions. We may all know the famous example of the U.S. Department of Homeland Security, which planted USB sticks with their own company logo in the parking lot outside their office. Shockingly, they found that 90% of the USB sticks were picked up by employees and without hesitation plugged into company computers.

This illustrates the fact that internal data breaches are often not a result of greed, but rather ignorance or unawareness of proper cyber security best practices.

How can we make employees think twice before picking up the USB drive and checking the content without hesitation? It is important that companies have internal focus on current issues, update operational practices and implement sufficient data handling policies.

By employing a SIEM solution and establishing formal measures for operations, companies will be able to set up alarms if, for example, blueprints, strategic roadmaps or new product descriptions are accessed or transferred electronically. This gives organizations the ability to identify and address potential vulnerabilities and anomalies within their IT environment.

Final recommendations

It is crucial for companies to start acknowledging the importance of internal breaches and establish measures for responding to the challenge. Often it is small errors that lead to increased vulnerability. By employing a SIEM solution and establishing company governance addressing operational practices, companies will be able to address the issue of internal breaches and mitigate the problem.

You can read the original article here.
