TRENDING:

Fraud Management & Cybercrime , Governance & Risk Management , Insider Threat

Tips on Preventing Insider Breaches

David Gibson of Varonis on Mistakes Organizations Make Information Security Media GroupNovember 18, 2016    

To combat breaches involving insiders, organizations need to limit employees' access to data and more closely monitor access activity, says security expert David Gibson of Varonis.

See Also: Defending Against Malicious and Accidental Insiders

A problem at many organizations is that when it comes to providing employees access to systems and networks, "anybody can get inside," Gibson says in a video interview at Information Security Media Group's recent Healthcare Security Summit in New York.

A study earlier this year conducted by Ponemon Institute and sponsored by Varonis found that 62 percent of employees say they have access to far more data than they need to do their jobs, Gibson notes. On top of that, less than 30 percent of organizations say they have a "searchable record" of what their insiders are doing with that data, he adds.

That's akin to a bank where "anyone can go into the vault, and no one is watching what they're taking out - you've got a really big proposition for danger."

By prioritizing detection, "and making sure you're looking at what employees are doing with data, you can potentially catch a lot more [breaches], but you also have to make sure they only have access to what they need to have access for," he stresses.

In the interview, Gibson also discusses:

  • The different categories of insider threats that healthcare sector entities need to worry about;
  • Heightened consumer privacy concerns as more data is being collected via email, voice mail, GPS and camera surveillance;
  • Emerging cyber challenges involving the internet of things.

Gibson, CISSP, is vice president of strategy and market development at Varonis. He has more than 15 years of IT industry experience. Since joining Varonis in 2006, he has held positions of sales engineer, sales engineer manager, director of technical marketing and vice president of marketing. Prior to Varonis, Gibson was a New York-based systems engineer for Tripwire and worked as a network management and security engineer at International Integrated Solutions Ltd.

Previous
Shazam Keeps Ears Open When Microphone Is 'Off'
Next
Why Credentials Are 'The New Perimeter'

About the Author

Information Security Media Group

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 34 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.



Around the Network

How Biden's AI Executive Order Will Affect Healthcare
How Biden's AI Executive Order Will Affect Healthcare
Mapping Access - and Attack - Paths in Active Directory
Mapping Access - and Attack - Paths in Active Directory
Good Governance: 'It's All Hygiene'
Good Governance: 'It's All Hygiene'
Supporting CISA - The 'Focal Point of Our Defensive Efforts'
Supporting CISA - The 'Focal Point of Our Defensive Efforts'
Stopping Cloud Workload Attacks
Stopping Cloud Workload Attacks
Getting a Tighter Grip on Vendor Security Risk in Healthcare
Getting a Tighter Grip on Vendor Security Risk in Healthcare
How State Governments Can Regulate AI and Protect Privacy
How State Governments Can Regulate AI and Protect Privacy
Mapping the Unseen Vulnerabilities of Zombie APIs
Mapping the Unseen Vulnerabilities of Zombie APIs
AI in Healthcare: The Growing Promise - and Potential Risks
AI in Healthcare: The Growing Promise - and Potential Risks
Why Hospitals Should Beware of Malicious AI Use
Why Hospitals Should Beware of Malicious AI Use

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.