Anurag Kahol, CTO at Bitglass, discusses options for detecting malicious or dangerous activity from within an organization.
Earlier this year, Tesla discovered that an employee had stolen more than 6,000 files containing sensitive code. The software engineer, who was only employed for two weeks, had been hired as one of the few people who could access these files.
This incident highlights the danger that insider threats pose to enterprises. This is not a problem that is unique to Tesla or any one industry. Employees, whether through careless or malicious actions, can pose a significant risk to any organization. A survey from the Ponemon Institute recently found that insider threats increased by 47 percent from 2018 to 2020. The cost of insider threat incidents also rose by 31 percent from $8.76 to $11.45 million during the same time period.
If a company’s data falls into the wrong hands, it can cause real harm to people and put companies at a severe competitive disadvantage by fostering a loss of trust externally with customers and other vital stakeholders. That is why organizations must equip themselves with the right tools to detect and stop insider threats and data leakage across the IT ecosystem.
Understanding the Various Forms of Insider Threats
In many cases, the term insider threat also covers malicious external users who have obtained legitimate credentials and can therefore operate inside the organization as if they belonged there. While it is more common to picture these attackers breaking in from the outside, the reality is that a substantial share of data leakage comes from insiders themselves.
The Tesla example above is a clear illustration of what can happen when an employee with malicious intent abuses their legitimate credentials to steal data, whether to sell it for financial gain, to retaliate against the company for a perceived injustice, or to aid a competitor.
However, a more common form of insider threat is the careless employee: one who circumvents established security procedures, for example by storing sensitive data on an unsecured personal device for convenience while working from home, or who falls victim to a phishing scheme.
Achieving Faster Identification and Prevention
The IT ecosystem within most organizations has evolved tremendously over the last year to accommodate COVID-19-related modifications, including shifting to remote work, moving operations to the cloud at an accelerated rate, and permitting employees to use personal devices to access corporate IT resources. All of this has made shielding data from insider threats even more complex and has proven that reactive security tools and strategies built for a prior era cannot keep pace with today’s dynamic business environment.
To remain successful in this new world, enterprises must obtain and uphold continuous visibility over sensitive data that can no longer be regulated by on-premises security tools. Companies must also possess the ability to detect and halt insider threats from anywhere and at any time, which requires solutions that can block, encrypt, apply digital rights management (DRM) and redact.
Organizations should also choose a fully featured solution complete with user and entity behavior analytics (UEBA), which uses machine learning to develop a baseline for each employee’s behavior so that suspicious departures from the norm can be detected and remediated as needed.
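As an added illustration (not code from the article or from Bitglass), the baseline-and-departure idea behind UEBA reduced to its simplest form: each employee's daily file-access volume is compared only against that employee's own history, so a spike like the one in the Tesla case stands out even though the same count might be normal for another role. The log format, user names and counts are constructed for the example.

```python
# Added example: per-employee baseline with departure detection.
# Log format and values are constructed; not real telemetry.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log, one line per user per day: "date user files_accessed"
SAMPLE_LOG = """\
2021-01-04 alice 42
2021-01-05 alice 38
2021-01-06 alice 45
2021-01-07 alice 40
2021-01-08 alice 41
2021-01-04 bob 12
2021-01-05 bob 15
2021-01-06 bob 11
2021-01-07 bob 14
2021-01-08 bob 6000
"""

def parse_log(text):
    """Return {user: [(date, count), ...]} in log order from the constructed format."""
    per_user = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        date, user, count = line.split()
        per_user[user].append((date, int(count)))
    return per_user

def baseline(counts):
    """Per-user baseline: mean and population std dev of that user's prior days."""
    return mean(counts), pstdev(counts)

def flag_departures(per_user, threshold=3.0, min_history=3):
    """Flag a day when its z-score against the user's own earlier days exceeds threshold."""
    alerts = []
    for user, rows in per_user.items():
        history = []  # only this user's past counts; never another user's
        for date, count in rows:
            if len(history) >= min_history:
                mu, sigma = baseline(history)
                sigma = max(sigma, 1.0)  # flat history would otherwise divide by zero
                z = (count - mu) / sigma
                if z > threshold:
                    alerts.append((user, date, count, round(z, 1)))
            history.append(count)
    return alerts

def detect(text):
    """Parse the log and return (user, date, count, z) tuples for flagged days."""
    return flag_departures(parse_log(text))
```

A production UEBA system baselines many signals (time of day, device, destination, data volume) rather than one count, but the essential property is the same: the threshold is relative to the individual, not global.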
Maximizing Budget and Results
Security teams are being tasked with handling increasingly complex challenges while also staying within budget. Consequently, they would benefit significantly from having an easy-to-manage platform that can meet a breadth of security use cases, including those outlined above. Nevertheless, many organizations still rely upon a number of disjointed security tools. The result is a series of nonintegrated products that leave teams without the comprehensive protection needed to adequately guard against threats.
Disparate security tools are hard to manage and create blind spots that waste time and money and lead to inconsistent results that will undoubtedly affect a security program’s speed and accuracy. That is why companies need a solution that offers consolidated ease of management and comprehensive protection, effectively safeguarding data by blocking threats and empowering business processes without cannibalizing financial resources.
Adopting a unified platform in place of multiple, disjointed point products is key, which is why cloud-first secure access service edge (SASE) offerings are growing in popularity. Such platforms give employees in any location secure access to organizational data and systems in the cloud, on the web, or on the network. They do this without requiring on-premises hardware appliances (such as VPN concentrators), allowing security teams to avoid the cost of such architectures while improving their security posture.
Prioritizing a Comprehensive Security Solution
Companies must proactively seek out and implement the right tools to save security teams from a broad range of costly setbacks, including those frequently accompanying insider attacks. The matrix of interactions within the enterprise IT ecosystem is becoming increasingly complex. Using a SASE platform gives security teams access to a single, all-encompassing dashboard to configure data and threat-protection policies that are enforced automatically anywhere data goes, thus ensuring business security, continuity and growth.
Anurag Kahol is CTO at Bitglass.