Friday, October 6, 2017

To Err is Human or The Insider?

What’s the similarity between Bradley Manning and Edward Snowden? Well, apart from the fact that both disclosed sensitive information about the US government or its various arms and were hailed as “whistleblowers” by some and slammed and persecuted by their own government, they were also quintessential “insiders”. Or, to put it simply, people who ended up leaking classified information about the very same organization that they worked for.

Surprised? Welcome to the world of insider threats, a kind that is perhaps the most under-appreciated of cyber threats since they mostly fly under the radar as stories about hackers and other criminal actors grab the headlines.

According to the SANS Institute, one-third of enterprises have suffered from an insider caused breach, with possible losses from each incident amounting to more than $5 million. Research firm Gartner says that more than 70% of unauthorized access to data is committed by an organization's own employees. These are good enough indicators to gauge the level of threat that insiders pose.

Insider attacks, be it from a disgruntled employee or an absent-minded manager, are more insidious because they betray the trust the organization has in its employees and partners. They are also harder to detect and take longer to discover than any other type of threat. Also, this threat simply can’t be wished away as every organization needs employees and partners who will need access to sensitive information to do their jobs effectively.

Besides, not all insiders have a malicious intent. Often, data loss happens due to unintentional mistakes made by people—accidental insiders—or users whose credentials have been compromised or stolen—compromised insiders.
Alas, the existing approach to information security relies heavily on protecting the technology infrastructure, which while needed will not solve this insider threat.
So, what can organizations do about it? How can they counter such threats?
The Human Point
The answer perhaps lies in having a more human-centric approach. To protect and secure data from such insider threats, a new approach is required where the focus needs to be on understanding the points in which trusted people – employees, partners, and contractors – interact with critical business data and intellectual property. It is human points of interaction where businesses see critical data as most valuable. And these are precisely the points where the data is also the most vulnerable.
Learning how users interact with critical data has to become a priority for security professionals. And while there’s agreement that understanding behavior and intent is vital to cyber security, most security professionals are unable to do so effectively as it is an entirely new security paradigm.
To effectively counter insider threats, intelligent integrated systems are needed that provide visibility into user behavior and uncover intent by providing the context behind a user’s actions. These systems of integrated solutions, when coupled with comprehensive cyber security programs, can secure today’s mobile workforce, reduce the incident management burden on IT teams, increase the value of new security investments, and provide proactive security that promotes innovation within the organization.
It’s time businesses start adopting this new approach to security and have intelligent systems that allow good employee behavior and facilitate business while stopping bad cyber behaviors.

And the time to start was perhaps yesterday. Else, tomorrow the next Bradley Manning or Edward Snowden might come from your organization.
reproduced from - https://tinyurl.com/y9jjf467