The hapless user: secure from the inside out

The current cyber threat landscape is increasingly complex: attacks are more widespread, more sophisticated and easier to carry out than ever. This puts organisations in a bind. Hidden threats are becoming harder to detect early, yet early detection is exactly what limits the loss of confidential and sensitive data, not to mention the damage to a brand's reputation.

Over the past few years, we’ve seen several high-profile organisations succumb to crippling security breaches. Each incident acts as a reminder that malicious attackers do not discriminate and no organisation is safe, no matter the size or industry.

What's more, it has become abundantly clear that there will always be cyber-criminals intent on harming businesses and individuals, whether for financial gain or for other motives, such as influencing a political event.

Organisations are starting to wake up and move security higher up the priority list. Companies are investing in more sophisticated security solutions, mostly aimed at preventing external threats, to reduce the chance of hitting the headlines for the wrong reasons. While this is obviously a step in the right direction, it is only one piece of a much larger and more complicated puzzle.

An inside job

Not enough attention is paid to the people inside an organisation who could pose a security threat. According to a recent IDC study[1] of business attitudes to security breaches, only 12% of respondents were worried about the threat posed by an insider. Yet employees are behind almost half of all data breaches that happen today. So why is there such a disconnect?

The disparity is concerning in itself. Insider threats deserve at least as much attention as external threats, not least because a breach by an insider damages the trust of customers and employees alike.

Moreover, insiders hold privileged access to extremely valuable and often sensitive data because they need it to do their jobs efficiently. That access is legitimate, so its misuse, whether careless or deliberate, produces events that look like ordinary work: no perimeter is crossed and no exploit is used. This makes suspicious activity and anomalies on the system far harder to detect.

Despite this, there is still a level of reluctance by organisations to invest appropriately in tools to address the insider threat. Organisations often perceive individual device-level monitoring to be extremely expensive, with a tendency to foster an atmosphere of distrust among staff.

Additionally, businesses feel that concentrating on individuals fails to give a holistic view of risky behaviour. The result is that investment still flows mainly into technologies that protect a traditional network perimeter rather than into detection and response.

Whether an enterprise faces a sophisticated Advanced Persistent Threat (APT) or an insider threat, the indicators of a breach are in the data its systems already generate: authentication and VPN logs, file access audits, endpoint and network telemetry. Collecting and aggregating that data has never been more crucial.

If an organisation can collect data from all its IT systems and applications and correlate it, it can establish what normal behaviour looks like for each user and system, and the deviations from that baseline are what expose even well-concealed breaches.
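
The following is an added example, not code from the article or from Splunk, of the baseline-and-correlate approach described above (and of the real-time user-behaviour analysis discussed under "Culture shock" below). It assumes two log sources in a simple key=value format: a file-server audit log and a VPN login log. Both logs are constructed for the example. Each user's daily file-access count is compared with that user's own prior days; a day well above the baseline is then enriched with VPN data from the same period, so that a burst of reads at 02:00 from a source address the user has never used before stands out as something different from a busy day at the office. The format, field names and threshold are assumptions for illustration.

```python
"""Toy user-behaviour baseline over two correlated log sources.

Added example; the log lines below are constructed, not real data.
"""
import re
import statistics
from collections import defaultdict

# Constructed file-server audit log: alice normally reads one or two files a day.
FILE_LOG = """\
2017-03-01T09:12:00 user=alice action=read path=/finance/q1.xlsx
2017-03-01T10:05:00 user=alice action=read path=/finance/notes.docx
2017-03-01T11:40:00 user=bob action=read path=/eng/spec.pdf
2017-03-02T09:30:00 user=alice action=read path=/finance/q1.xlsx
2017-03-02T14:00:00 user=alice action=read path=/finance/budget.xlsx
2017-03-02T15:10:00 user=bob action=read path=/eng/spec.pdf
2017-03-03T09:01:00 user=alice action=read path=/finance/budget.xlsx
2017-03-03T09:02:00 user=bob action=read path=/eng/roadmap.pptx
2017-03-04T02:10:00 user=alice action=read path=/finance/q1.xlsx
2017-03-04T02:11:00 user=alice action=read path=/finance/budget.xlsx
2017-03-04T02:12:00 user=alice action=read path=/finance/payroll.xlsx
2017-03-04T02:13:00 user=alice action=read path=/finance/forecast.xlsx
2017-03-04T02:14:00 user=alice action=read path=/finance/vendors.xlsx
2017-03-04T02:15:00 user=alice action=read path=/finance/m-and-a.docx
2017-03-04T10:00:00 user=bob action=read path=/eng/spec.pdf
"""

# Constructed VPN log: alice always connects from 10.20.0.14 until 4 March.
VPN_LOG = """\
2017-03-01T08:55:00 user=alice event=login src=10.20.0.14
2017-03-02T08:58:00 user=alice event=login src=10.20.0.14
2017-03-03T08:50:00 user=alice event=login src=10.20.0.14
2017-03-04T02:05:00 user=alice event=login src=203.0.113.77
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse(log):
    """Turn 'timestamp key=value ...' lines into dicts with ts and day added."""
    events = []
    for line in log.splitlines():
        ts, rest = line.split(" ", 1)
        ev = dict(KV.findall(rest))
        ev["ts"] = ts
        ev["day"] = ts[:10]
        events.append(ev)
    return events


def daily_counts(events):
    """Count events per user per day."""
    counts = defaultdict(lambda: defaultdict(int))
    for ev in events:
        counts[ev["user"]][ev["day"]] += 1
    return counts


def baseline_alerts(file_events, vpn_events, sigma=3.0, min_days=2):
    """Flag days where a user's file-access count exceeds their own baseline.

    The baseline is built only from days before the one under test, so the
    anomalous day does not contaminate its own baseline. A floor of 1.0 on the
    spread stops a perfectly regular history (stdev 0) from flagging everything.
    Flagged days are enriched with VPN sources not seen for that user before.
    """
    counts = daily_counts(file_events)
    vpn_by_user = defaultdict(list)
    for ev in vpn_events:
        vpn_by_user[ev["user"]].append(ev)

    alerts = []
    for user, per_day in counts.items():
        days = sorted(per_day)
        for i, day in enumerate(days):
            prior = [per_day[d] for d in days[:i]]
            if len(prior) < min_days:
                continue  # not enough history to judge
            mean = statistics.mean(prior)
            spread = max(statistics.stdev(prior), 1.0)
            if per_day[day] <= mean + sigma * spread:
                continue
            known = {v["src"] for v in vpn_by_user[user] if v["day"] < day}
            today = {v["src"] for v in vpn_by_user[user] if v["day"] == day}
            hours = {int(e["ts"][11:13]) for e in file_events
                     if e["user"] == user and e["day"] == day}
            alerts.append({
                "user": user,
                "day": day,
                "count": per_day[day],
                "baseline_mean": round(mean, 2),
                "new_vpn_sources": sorted(today - known),
                "after_hours": any(h < 6 or h >= 20 for h in hours),
            })
    return alerts


def run():
    return baseline_alerts(parse(FILE_LOG), parse(VPN_LOG))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Only alice on 4 March is flagged: six reads against a baseline of under two a day, all after hours, with a VPN login from an address never seen for that account. Bob's day is unremarkable because his count never leaves his own baseline. The point is that neither log alone tells the story; the file-server log shows a busy user, the VPN log shows an unusual address, and only the correlation of the two shows an account that is probably not being driven by its owner.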

Culture shock

At a cultural level, there must be a conscious effort to shift focus away from the outcome of a breach to concentrate on the issue’s source – user behaviour. When users are educated about safe data management practices and IT managers can audit their progress, the company stands a significantly improved chance of warding off threats.

Having the ability to analyse user behaviour and machine-generated data in real time helps to detect a potential breach, whether accidental or intentional, while it is still in progress. That allows precautions to be put in place and response procedures to be run promptly, which in turn limits the damage substantially.

Responding to an anomaly immediately demonstrates the organisation’s competence to both identify and deal with cyber-threats. Moreover, it can serve as a constructive way of educating the user community in spotting a potential breach and figuring out a way to deal with it, as well as retaining customer trust in your organisation.

Businesses should be allocating more resources to identifying the hapless users within their organisation and teaching them the behaviours that a solid security strategy depends on. If security is embraced as part of the corporate culture throughout an organisation, maybe then we will start to see improvements and a reduction in the number of security breaches.

Sourced by Matthias Maier, security evangelist, Splunk

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...