Top Cybersecurity Lesson from 2016: Unchecked Insiders
An unmistakable lesson from 2016 is that there is an escalating arms race between hackers and the organizations they target—from the highest levels of national governments to corporations and private institutions.
And while hackers have many advantages, there are two that are contributing to a rampant spike in cyber breaches right now:
1. Employees, contractors, service accounts, and even executives often have privileges to access far more data than they require.
2. Most organizations do not monitor or analyze how data stored in files and e-mails—the target of many recent attacks—are used by these accounts.
Whether hackers take over an account, or the insiders themselves abuse their access out of curiosity or for malicious purposes, these vulnerabilities on the inside are among the largest threats to any organization.
Despite the technology available and the frequency of highly publicized attacks, data breaches continue to rise. According to a study conducted earlier this year by the Ponemon Institute for Varonis, three out of every four organizations have been hit by the loss or theft of important data over the past two years. That leads us to conclude that hackers are winning.
The Target: Insider Threats
It might surprise you, but most organizations struggle to implement and maintain access controls—a basic security building block for file and e-mail systems. Employees and contractors typically have access to far more sensitive data than they need to do their jobs. This makes it much easier for intruders and insiders to do a lot of damage.
In the study, 88 percent of end users said their jobs require them to access and use proprietary information such as customer data, contact lists, employee records, financial reports, confidential business documents, or other private or confidential information assets. Sixty-two percent believe they have access to company data they probably shouldn’t see. This, combined with a lack of monitoring and auditing for the files and documents employees do access (only 25 percent of organizations audit all employee and third-party activity), sets organizations up for disaster. When employees access valuable data and their activity is not tracked or audited, an external hacker or a malicious insider can easily get away unnoticed.
Until now, it seems, organizations have chosen what to protect based on a secure-perimeter mindset and compliance requirements rather than on strategic risk assessments. This is highlighted by another survey from the Ponemon Institute and the law firm Kilpatrick Townsend & Stockton, which notes that 60 percent of companies said at least some of their trade secrets are likely in the hands of rivals. And 74 percent said it was likely that their organization had “failed to detect a data breach involving the loss or theft of knowledge assets.”
Files and E-mails: The Root of Scandal
The data at the center of most highly publicized breaches are files, e-mails, and documents. This is the type of data that organizations usually have the most of and know the least about.
Most people assume their e-mails are read only by the intended recipients, so e-mails are rife with sensitive personal and professional information. And when that data is made publicly available by a hacker, everyone suffers—particularly executives. Hillary Clinton’s campaign chairman, John Podesta, saw his most sensitive and embarrassing e-mails published during the U.S. presidential campaign, reportedly because he innocently clicked on a phishing e-mail and opened the door to the files. The Democratic National Committee CEO and party chairwoman, Sony Pictures’ co-chair, the director of the U.S. Office of Personnel Management (OPM), and the CEOs of Target and Ashley Madison were all casualties following their widely publicized breaches.
When exposed, e-mails, files, presentations, and Word documents can damage the reputation of a company in the eyes of its customers, partners, and employees. This data is in dire need of better protection. Access and activity should be monitored and analyzed, patterns of normalcy defined and understood, and anomalous activity …