Security Fridays Week 23 – A look at how data discovery and data loss prevention can secure against insider threats.
It is amazing to me that, in the current world, a lot of organisations are still so utterly focused on external threats that they essentially ignore insider threats. In a world where governments cannot keep policy decisions and future speeches secret as they are leaked instantly, it is amazingly short-sighted to think that a policy or honour system can be trusted to work, especially in such massive organisations where over a million employees can be on the payroll.
How can you trust each and every one of them to do the right thing at all times? You can’t. The chance of a malicious insider threat is omnipresent. One of the real problems is that a formerly good, honest, and dutiful employee can change into a threat seemingly overnight, with no warning, let alone those employees that are malicious from the start. Financial issues, religious or political ideals, social pressure, or just plain old-fashioned greed can all turn people to theft. Theft of data is psychologically one of the easier thefts to convince people to perform, as data is not physical, so it’s harder for people to picture it being real or consequential.
None of this even takes into account a much larger pool of insider threat from accidents, where users are careless or complacent and either don’t check what they are transmitting, assume that the destination is correct, or are too uneducated in security to understand the implications of their actions.
In the case of Amazon, they have at least done the right thing after the fact, sacking the employees responsible and reporting them to law enforcement. But for such a large organisation, which holds such massive troves of personal information from so many customers, was it right to wait until there was a breach to act? That’s the strange part, as technologies that could have stopped this sort of data breach have been available for a long time.
While it had a bad reputation in the past, Data Loss Protection has come a long way, and is exactly the tool that would have prevented this sort of threat. By not relying on user action to enforce policy, but by using technology to enforce it, the malicious insider would simply have found that releasing such data to external parties would have been impossible, or at the very least far too slow and onerous to be worth the risk of detection that sending hundreds of email addresses one at a time would have caused them.
Situations like this can be addressed by:
1 – Implementing Data Loss Prevention technologies that enforce data security policy, rather than just relying on honest users following a security policy they have read once and forgotten.
2 – Constant user education. A vast quantity of these breaches are actually accidental, and education is a great tool to reduce those. By teaching users the importance of security and constantly reinforcing its impact on the organisation and their own jobs, risk can be dramatically reduced.
3 – Full auditing of all communications. By gathering and checking how data is being used, searching for patterns and working out the cause, rogue employees can be detected and corrected before they cause significant breaches.
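Points 1 and 3 above, as an added example that is not from the original post: a sketch of a DLP-style outbound mail rule that blocks a bulk list of addresses outright and uses the audit trail to flag a sender who drips them out one at a time. The internal domain, thresholds, message fields and sample messages are all constructed assumptions.

```python
import re
from collections import defaultdict

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
INTERNAL_DOMAIN = "corp.example"  # assumption: the organisation's own mail domain
PER_MESSAGE_LIMIT = 5             # assumption: more addresses than this in one mail is blocked
CUMULATIVE_LIMIT = 10             # assumption: distinct addresses per sender per audit window

def is_external(recipient):
    return not recipient.lower().endswith("@" + INTERNAL_DOMAIN)

def addresses_in(body):
    """Distinct email addresses found in a message body."""
    return {a.lower() for a in EMAIL_RE.findall(body)}

def evaluate(messages):
    """Return (per-message decisions, sorted list of senders to review)."""
    sent_out = defaultdict(set)   # audit trail: addresses each sender has sent externally
    decisions, alerts = [], set()
    for msg in messages:
        found = addresses_in(msg["body"])
        if not found or not is_external(msg["to"]):
            decisions.append("allow")          # nothing sensitive leaves the organisation
        elif len(found) > PER_MESSAGE_LIMIT:
            decisions.append("block")          # bulk list: enforced by policy, not by trust
            alerts.add(msg["from"])
        else:
            sent_out[msg["from"]] |= found
            if len(sent_out[msg["from"]]) > CUMULATIVE_LIMIT:
                decisions.append("hold")       # slow drip caught by the cumulative audit
                alerts.add(msg["from"])
            else:
                decisions.append("allow")
    return decisions, sorted(alerts)

def build_sample():
    """Constructed sample: an internal share, a bulk send and a one-at-a-time drip."""
    bulk = " ".join(f"cust{i}@mail.example" for i in range(8))
    msgs = [{"from": "alice", "to": "team@corp.example", "body": bulk},
            {"from": "bob", "to": "buyer@ext.example", "body": bulk}]
    msgs += [{"from": "carol", "to": "buyer@ext.example",
              "body": f"Contact: cust{i}@mail.example"} for i in range(12)]
    return msgs

if __name__ == "__main__":
    decisions, alerts = evaluate(build_sample())
    print(decisions)
    print("review:", alerts)
```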