Is Your Company Safe from Insider Threats?
Insider threats are a problem that several organizations have to deal with. If you are part of a company that uses the cloud or has a BYOD policy, there’s always a chance that data can be leaked from within. While you can’t get rid of this risk entirely, you can take steps to ensure that that risk is as low as possible. With reports from Bitglass, the Total Data Protection company, indicating that one in three organizations surveyed had experienced an insider attack in the last year, and that 74 percent feel vulnerable to insider threats, it’s more important than ever to make sure your business is as prepared as possible.
The report features insight from over 500 cybersecurity professionals on the state of insider data leaks and the tools used to lessen these threats. It also discusses the potential reasons behind the increase in insider leaks, including cloud adoption and BYOD policies because they allow corporate data to be accessible outside the network perimeter.
“Adoption of cloud and BYOD are positive developments, but organizations that have limited cross-app visibility will struggle to detect anomalous behavior and need to rethink their approach to data security,” said Nat Kausik, CEO, Bitglass. “The reality is that cloud apps have made data more readily accessible and insider threats more likely – it's up to the enterprise to put adequate data controls and policies in place to secure vital data.”
These technologies are supposed to be helpful, which they are, but they also put your business at risk. In today’s mobile workforce, it would be hard to completely give up on the cloud or not allow people to use their own phones, laptops, etc. Getting work done has to be convenient for everyone involved, which is where these policies come in to play. So, if we’re not going to see the end of the cloud any time soon, it’s more important than ever to make sure that your employees are properly educated on data safety.
According to the report, privileged users, more than any other user group, were seen as posing the greatest security risk by 60 percent of organizations. This is a slightly unsettling percentage. Imagine how much better it would be if it was a guarantee that all of these privileged users were properly trained. Unfortunately, that’s not the case. The report found that 62 percent of cybersecurity professionals think that lack of employee training is responsible for data leaks. That is a completely preventable problem—one that could make or break your enterprise’s security.
Meanwhile, 57 percent of the cybersecurity professionals surveyed believed that insufficient data protection solutions, more devices with access to sensitive data (54 percent) and more data leaving the network perimeter (48 percent) are at the core of many insider leaks. The latter two come with the territory of BYOD and the cloud, but not having the proper analytics tools is a completely unnecessary risk.
Sixty-eight percent of those surveyed thought negligent users were a risk to data security. However, those users can be taught the importance of keeping data and their devices safe. If a third of organizations don’t have any analytics solutions in place to detect insider threats, though, then that is a whole different issue that no amount of employee training can fix. The report found that 64 percent of enterprises can detect a breach within a week, but what about the other 36 percent?
According to the report, employee training (57 percent) and identity management solutions (52 percent) topped the list of best means for preventing insider attacks. Data leakage prevention was also among the most effective tools in 49 percent of organizations.
Using new technologies and being flexible are good for your company, but you need to make sure that you take every possible measure to ensure data protection. This means investing in analytics and training your employees. How does your company stack up?
Edited by Stefania Viscusi