Industry Insights with Richard Henderson

5 Ways to Improve Insider Threat Prevention

If you browsed the latest security headlines, you'd probably think the majority of data breaches were related to hackers, political activists, malware or phishing. While the latter two hint at it, the truth is that nearly half of all data breaches can be traced back to insiders in some capacity.

While we recently examined the rise of the politically motivated insider, the truth is that most incidents are traced back to employees who are simply negligent or unaware, whether that means accidentally emailing customer data to an external party or clicking a phishing link.

Most "mistakes" come from negligent insiders. Unfortunately, these insiders are often the hardest to identify. With no malicious intent, these employees are just trying to be productive and independent, which sometimes leads them to circumvent IT, download insecure apps or mistakenly click that phishing link.

The ways that insiders put data at risk are always changing. A combination of education and technology is the best approach to detecting and remediating negligent user behavior. While security training is pretty standard these days for new employees, it's not uncommon for organizations to forget to build in reminders or to update training over time. Employees may simply forget they aren't supposed to email data or use open Wi-Fi networks.

Insider Threat Prevention Requires Visibility

With the explosion of cloud storage and SaaS and the growth in IoT and OT devices, there are now more ways than ever for data to be inappropriately shared, making it difficult to be 100 percent certain where company data and sensitive information may end up.

While I expect big things to come out of intent-based security, machine learning and AI, we don't need to look to future technology to solve all of today's problems with insiders. We'll never shore up all the cracks in data security, but we can most definitely improve on the status quo. Here are five critical steps:

  1. Watch the movement of data. You need to be able to watch for the movement of critically important internal and customer data as it moves within (and outside) your environment. Most organizations are solid on network monitoring but lack control and visibility over data as it moves onto devices or into the cloud.
  2. Monitor for Shadow IT. Look for applications and tools that have not been approved or vetted by your IT and security teams for use. While blocking all non-approved apps and tools could clamp down on productivity, it is critical to have plans in place for when these apps may compromise sensitive data.
  3. Address endpoint security. Ensure the physical security of your employee devices and the corporate data stored on those devices.
  4. Have a solid asset management solution. Such a solution gives you the capability to immediately respond to a lost or stolen device, closing the window of opportunity for an attacker to capitalize on the data or network access associated with a stolen device.
  5. Choose strong security layers. Back up your asset management solution with full disk encryption, anti-virus and a VPN to minimize access to a device and the data it contains.

Threats posed to your organization's data aren't always going to be malicious, but the risks they pose are serious and real. Understanding the many ways that data can be stolen, and what those threats look like, is critical to building a resilient enterprise that puts the protection of your data and your customers' data first.

About the Author

Richard Henderson

Head of Global Threat Intelligence, Lastline

Richard Henderson is Head of Global Threat Intelligence at Lastline, where he is responsible for trend-spotting, industry-watching, and evangelizing the unique capabilities of Lastline's technologies. He has nearly two decades of experience and involvement in the global hacker community and discovers new trends and activities in the cyber-underground. He is a researcher and regular presenter at conferences and events and was lauded by a former US DHS undersecretary for cybersecurity as having an "insightful view" on the current state of cybersecurity. Henderson was one of the first researchers in the world to defeat Apple's TouchID fingerprint sensor on the iPhone 5S. He has taught courses on radio interception techniques multiple times at the DEFCON hacker conference. Henderson is a regular writer and contributor to many publications including BankInfoSecurity, Forbes, Dark Reading, and CSO.
