Organizations can no longer afford to pursue cybersecurity strategies designed exclusively to stop external attacks. Insider threats, initiated by employees or highly privileged parties who have gone rogue, have become increasingly common. A 2014 Vormetric survey of IT professionals in Europe found that only 9 percent of them felt safe from these risks. In the U.S., there’s similar anxiety about protecting sensitive data and systems from insiders such as Edward Snowden.
The internal and external threat categories each require a distinctive approach to risk mitigation. What works for stopping an employee from accessing privileged data, for example, may not fare as well in shielding the network at large from intrusion by cybercriminals. With that in mind, here are some tips for protecting your company from insiders and outsiders alike.
Preventing insider threats and restricting access to data
The CERT Program at Carnegie Mellon has defined a malicious insider as a current or former employee, business partner or contractor who is an authorized user yet has exceeded and/or exploited his/her access to company assets to inflict damage. One of these individuals could sabotage a critical IT system, commit fraud or make off with intellectual property.
How can organizations clamp down on insider threats? For starters, they can implement training programs that specifically address the issue, and continually update these procedures. Educating employees about policies, and getting managers to fully buy into these rules, also helps, but there’s a major technical component to mitigating risk, too.
For example, the creation of user accounts and any password changes should be carefully audited. Data encryption is similarly crucial, with 38 percent of the Vormetric survey respondents stating that it was a useful way of protecting information from theft and misuse.
Moreover, stopping insider threats is about carefully limiting data access. The CERT Program has recommended avoiding direct network connections between the IT systems of an organization and its business partners, but there’s no need to stop there. Limiting access by library, object or policy is a good way to make sure that only the right personnel have access to the most important data.
“To practically defend themselves, organizations must take a data centric approach, implementing encryption and access controls to limit exposure, and monitoring data access to identify inappropriate user activity using a platform approach that scales with growing data security mandates and requirements without diverting an inordinate amount of IT resources,” stated Vormetric CEO Alan Kessler.
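As an illustration of the auditing of account creation and password changes recommended above, the following added example (not from the original article or from Vormetric or CERT) pulls those two event types out of Linux-style authentication log lines and flags any that lack a change approval or happened outside working hours. The log lines, host names, the approval set and the working-hours window are all constructed assumptions.

```python
import re
from datetime import datetime
# Constructed sample lines in the style of a Linux auth log (not real data).
SAMPLE_LOG = """\
Mar  3 10:15:02 hr-app01 useradd[4121]: new user: name=jsmith, UID=1004, GID=1004, home=/home/jsmith, shell=/bin/bash
Mar  3 10:16:40 hr-app01 passwd[4130]: pam_unix(passwd:chauthtok): password changed for jsmith
Mar  4 02:47:19 db-fin02 useradd[9902]: new user: name=svc_tmp, UID=1010, GID=1010, home=/home/svc_tmp, shell=/bin/bash
Mar  4 02:48:03 db-fin02 passwd[9910]: pam_unix(passwd:chauthtok): password changed for root
Mar  4 09:30:11 hr-app01 sshd[5120]: Accepted publickey for jsmith from 10.0.0.5 port 50122 ssh2
"""
# Hypothetical approvals (event kind, account), e.g. exported from a ticketing system.
APPROVED = {("account_created", "jsmith"), ("password_changed", "jsmith")}

HEADER = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<rest>.*)$")
PATTERNS = {
    "account_created": re.compile(r"useradd\[\d+\]: new user: name=(?P<account>[^,\s]+)"),
    "password_changed": re.compile(r"passwd\[\d+\]: .*password changed for (?P<account>\S+)"),
}

def parse_events(log_text, year=2024):
    """Return account-creation and password-change events; other lines are ignored."""
    events = []
    for line in log_text.splitlines():
        head = HEADER.match(line)
        if not head:
            continue
        for kind, pattern in PATTERNS.items():
            hit = pattern.search(head["rest"])
            if hit:  # syslog timestamps carry no year, so the caller supplies one
                when = datetime.strptime(f"{year} {head['ts']}", "%Y %b %d %H:%M:%S")
                events.append({"time": when, "host": head["host"], "kind": kind, "account": hit["account"]})
    return events

def review(events, approved, work_hours=range(8, 18)):
    """Pair each questionable event with the reasons it needs a human look."""
    findings = []
    for ev in events:
        reasons = []
        if (ev["kind"], ev["account"]) not in approved:
            reasons.append("no matching change approval")
        if ev["time"].hour not in work_hours:
            reasons.append("outside working hours")
        if reasons:
            findings.append((ev, reasons))
    return findings

if __name__ == "__main__":
    for ev, why in review(parse_events(SAMPLE_LOG), APPROVED):
        print(ev["time"], ev["host"], ev["kind"], ev["account"], "->", "; ".join(why))
```

On the constructed sample, the two events on db-fin02 are reported for both reasons, while the approved daytime changes for jsmith and the unrelated sshd line produce no findings.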
Staying on guard against external attacks
Responding to external threats, from distributed denial-of-service attacks to email worms, has been part and parcel of cybersecurity for years. Today’s threat environment includes new dangers such as ransomware, mobile malware and elaborate spyware that breaks into the network via phishing emails. New mitigation strategies are needed.
Security awareness programs, layered endpoint protection and cybersecurity solutions, including antivirus and monitoring tools, go a long way toward keeping threats at bay. With the proliferation of new devices, especially mobile ones, in the workplace, it makes sense for companies to invest in utilities that regularly scan critical assets on endpoints across the network.