For all the disruption they caused at the time, the hack attacks on TalkTalk, Target, Ashley Madison, and JD Wetherspoon in the latter half of 2015 have focused executives’ minds on cyber risks like never before.
In the aftermath, the brands affected were falling over each other to explain the steps they were taking to ensure it never happened again. Investments in cyber security – often viewed as an expensive overhead – were suddenly a source of pride; hitherto onerous data protection regulations became a safe refuge in the face of increasing public scrutiny.
This is very encouraging, but their focus could be too far-sighted. There is a grave danger that organisations are channelling resources towards mitigating external threats, while neglecting the risks that come from within.
The dangers of this became clear in February, when a former employee of Ofcom was caught attempting to pass confidential data to his new employers. That the data was passed to another business and not to a ‘dark net’ download site is immaterial – sensitive information was compromised, as a consequence of which Ofcom found itself apologising to the very broadcasters and media organisations it is supposed to police.
Ofcom’s case is by no means isolated. Internal risks – from disgruntled staff or mislaid devices – are as significant a risk to data protection as external hackers (in yellow).
Like external threats, organisations’ approaches to mitigating internal risks have been patchy, with overzealousness in some areas masking lassitude elsewhere. Most firms, for example, have rigorous password protocols.
However, how many continually adjust and refine employees’ access to applications and data as their roles change – so that people only have access to what their job requires?
Manage the endpoints, and the risks will manage themselves
This patchwork leads to a confusing mass of information and intelligence – which makes building a clear picture of the organisation’s security posture and vulnerabilities difficult and time-consuming.
In a world where data from a stolen device could be somewhere for sale on the dark net within minutes, the ability to monitor – and act – in real-time is crucial. To put it another way, organisations must build a ‘single source of truth’ covering all of their endpoints, including desktops, laptops, smartphones and tablets.
Mitigating internal threats in this environment revolves around the ability to do three things very well:
Account for the location of employer-owned devices
Offering flexible working carries with it the implicit trust that employees will safeguard their devices and data. Endpoint security technology can add a further layer of reassurance, by tracking the location of these devices and triggering an alarm should the device be lost or stolen.
Detect and mitigate suspicious behaviour
As night follows day, attempts by an employee to circumvent corporate IT security technologies (like firewalls or encryption) leave an organisation with security vulnerabilities.
In these circumstances, administrators need to monitor and manage end users and their devices in real-time, if necessary pushing out updates for out-of-date security software or switching on encryption, even when it’s a remote user off the corporate network.
Provide a thorough audit trail
Data is everything when organisations are reassuring staff and customers after a security breach. What is more, regulators increasingly demand it. The ability to compile a detailed narrative for each incident is vital not just for forensic purposes. It could just be what saves the organisation’s reputation.
Broader benefits
There’s more to endpoint security than tracking down errant data and catching out careless staff. The single source of truth on endpoints can start paying for itself almost immediately, in the form of improved IT asset management.
Organisations have long been paying for far more software licences than they actually need in order to avoid even heavier penalties from vendors. Endpoint security tools help firms ensure they only buy licences which they know will be used.
And, when an employee has finished using a particular app, for example when they are promoted, IT administrators can easily re-allocate the licence to whoever takes over their job.
Intelligence is everything
If there is one learning from the security breaches of the past year, it is that nobody can consider themselves immune to attack. And, while external threats are more challenging to mitigate (as well as generating more column inches), the actions of staff within the organisation are just as dangerous.
By building a single source of truth about the status, location and content of their devices, IT teams will chalk up a quick win in ensuring the unthinkable doesn’t happen for some time to come.
Sourced from James Pattinson, VP EMEA, Absolute