Following an array of internal security breaches across a wide range of industries in 2019, awareness of insider threat is finally starting to grow. As we move towards 2020, it is undoubtedly becoming a major problem, and considerable changes need to be made in order to stop any further growth.
According to Verizon, the number of insider related breaches is rising every year, and in 2018, 34 percent of all breaches were caused by insiders. In the first half of 2019 alone, 4.1 billion records were exposed as a result of data breaches, and insider threat is clearly a growing problem for businesses.
These breaches cause large scale problems for companies. Not only are there various financial pitfalls of compensating affected customers, setting up breach response efforts and investigating the incident itself, but heavy regulatory penalties can really damage businesses, not to mention the resulting reputational impact on companies and their falling share prices. Businesses cannot afford to continually fall victim to security breaches.
The changing face of threat
Where previously, many have perceived hackers as technical threats — logging into systems externally and stealing data — today many in the industry are instead looking at human vulnerability and attacking that. Insider threat isn’t always malicious, and the accidental leaking of information, such as passwords, is a key contributor to internal breaches.
Most data breaches are simply a matter of access and opportunity — which employees have access to what data? And should they have that level of access? One popular strategy that is currently being undertaken by companies to stop insider attacks is through completing regular entitlement reviews, assessing who has access to what, and revoking rights from those who shouldn’t have them.
Through this, many organizations feel that they are adequately stopping employees from having access to data that they shouldn’t. However, if that was true, insider attacks would not be on the rise.
Fixed entitlement reviews
Most medium to large companies typically review their employee entitlements at regular intervals — perhaps quarterly or half yearly — but always at least once every twelve months. As regulations continue to tighten, these entitlement reviews are required more now than ever before, but just because companies are complying with regulation, it doesn’t mean that they’re necessarily keeping their businesses safe from insider threat.
Typically, under this model of periodic reviews, information security teams, line managers, or department managers are given a fixed time frame, during which they must ensure that all employees only have access to the data that they should have access to.
Manually, with numerous amounts of spreadsheets and reports, this is not only a time consuming task, but frequently inaccurate too. Thankfully, as technology becomes more innovative, entitlement reviews can be completed through software that takes much of the leg work out of the task.
Such technology provides virtually instant information on access rights, and allocates a risk score dependent on anomalies across the company. When it comes to annual entitlement reviews, the highest risks can be highlighted across an entire organization. This enables a focus on risk, rather than specifically searching for ‘bad actors’ — saving a huge amount of time and effort. However, with insider threat continuing to rise, it’s clear that periodic reviews aren’t sufficient enough.
The next stage for internal security is to be able to replicate these reviews ‘as you go.’ Rather than having a two week period to complete all company reviews, if a line manager is given 15 reports to assess, they can grant or revoke the relevant access that enables them to do their job. From here, as in all businesses, things can change on a daily basis.
When one of these 15 reports requests access to something that they haven’t had access to before, managers can understand its impact on risk there and then. Even if it increases the individual’s risk (and maybe that of the department), managers can still allow it, while noting that it has been allowed — even if only temporarily.
As 2020 beckons, it’s integral that companies are doing absolutely everything they can to keep themselves protected. With this ‘review as you go’ process, managers can consistently keep on top of things for all reports. As a result, when it comes to completing annual reviews, they know that all of their certifications are up to date, and every request can be accounted for — only making regulatory compliance easier.
With traditional reviews, in the space of three months, different employees could gain access to all sorts of data that is completely untracked. This allows threat actors to slip through the cracks, and increases the chance of an insider attack. With consistent, dynamic reviews, this opportunity is minimized considerably.
Published December 30, 2019 — 00:00 UTC