Imagine you are watching a Western movie. The bad guy walks into a bank, pulls out a gun, approaches the teller and says, “This is a holdup! Give me all your money!” At that point, you know who is playing which role — and that one is being robbed blind. But in the modern world of anonymity, it’s difficult to distinguish the robber from the teller, confirm that the teller isn’t the robber or even know you are being robbed.

Most organizations are unaware when their most valuable asset — sensitive data — is stolen. They also don’t know if the robber was inside or outside the organization. In these days of the silent holdup, where businesses are left scratching their heads wondering whether something bad just happened, data security is a key part of rewriting the script.

Insider data breaches can come from an annoyed or malicious employee or business partner, or from someone whose credentials have been compromised. Despite the fact that insider data breaches are as frequent as — and probably more damaging than — external attacks, the majority of the limelight and budget is focused on securing the perimeter.

This imbalance leaves organizations exposed to greater risk and open to devastating data losses.

A Streamlined Approach to Stopping Insider Threats

Securing data against insiders requires a streamlined and thoughtful approach that includes several key capabilities:

  • Entitlement reporting provides the ability to tie into systems that manage privileged users, discern who should have access to different types of data and set up rules about who can see, touch, change or delete sensitive data.
  • Real-time monitoring of sensitive data should exist wherever that data resides — in files, databases, big data platforms and more.
  • Actionable advanced analytics and machine learning, running in real time, alert you to risky or unusual user activities. These analytics should be able to trigger actions such as blocking data access, masking data or quarantining users.
  • Deep data protection is applied to data at rest and in motion, including encryption, masking and redaction.
  • Adaptability is needed because the data environment is constantly changing and growing. The architecture must be able to adjust to changes in the IT environment (e.g., to automatically support larger data volumes and new technologies) to keep costs low and ensure a manageable environment.

The bad guys continue to evolve, however, and as a result, the key capabilities above are no longer enough: You need to be able to spot and stop data breaches before they get fully underway.

Read the white paper: Get smart to shut down insider threats

Could You Spot Data Breaches Before They Start?

The robbers and bad guys just keep getting smarter and sneakier. What’s an organization to do?

Start by figuring out who is a teller and who is a robber. Intelligent data forensics and interactive dashboards can help give you a leg up, providing new visibility and insight into who is doing what with your data. New capabilities are emerging to take this next step.

Threat Diagnostic Centers

Recently, organizations have been inquiring about the availability of threat diagnostic centers. These intelligent centers include specialized threat detection analytics that can scan and analyze data. The goal is to detect symptoms, such as SQL injections and malicious stored procedures, that may indicate a data repository attack is underway. When it comes to insider threats, malicious stored procedures might, for example, be left by a disgruntled database administrator (aka your bank teller) who wants to disguise activities related to an important table (aka gold bars).

Don’t be fooled! Some data security solutions rely on comparisons against a dictionary of attack signatures, which can change endlessly. Look for a solution that can analyze data activity for specific patterns of events or behavior that could indicate an SQL injection attack or malicious stored procedure. This approach is flexible and does not require the constant updating of signatures.
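A minimal sketch of pattern-based detection, added here as an illustration and not taken from any product the article describes. The record layout, the table name `cardholders` and the heuristic itself (a burst of failed statements in one session followed shortly by a successful read of a sensitive table) are assumptions chosen for the example. No attack-string dictionary is involved.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed data-activity records: (time, session, statement result, object read).
EVENTS = [
    ("2024-03-04T08:00:00", "batch-9", "SQL_ERROR", None),
    ("2024-03-04T08:00:30", "batch-9", "SQL_ERROR", None),
    ("2024-03-04T08:01:00", "batch-9", "SQL_ERROR", None),
    ("2024-03-04T08:30:00", "batch-9", "OK", "cardholders"),  # errors are stale by now
    ("2024-03-04T09:00:00", "app-02", "SQL_ERROR", None),
    ("2024-03-04T09:01:00", "app-02", "OK", "cardholders"),   # one typo, then a read
    ("2024-03-04T10:00:00", "app-17", "SQL_ERROR", None),
    ("2024-03-04T10:00:20", "app-17", "SQL_ERROR", None),
    ("2024-03-04T10:00:45", "app-17", "SQL_ERROR", None),
    ("2024-03-04T10:01:10", "app-17", "OK", "cardholders"),   # error burst, then a read
]
SENSITIVE = {"cardholders"}  # assumed name of the sensitive table


def error_burst_then_read(events, min_errors=3, window=timedelta(minutes=5)):
    """Return sessions where at least `min_errors` failed statements are
    followed, within `window`, by a successful read of a sensitive object."""
    errors = defaultdict(list)  # session -> times of failed statements
    flagged = []
    for ts, session, result, obj in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if result == "SQL_ERROR":
            errors[session].append(when)
        elif result == "OK" and obj in SENSITIVE:
            recent = [e for e in errors[session] if when - e <= window]
            if len(recent) >= min_errors and session not in flagged:
                flagged.append(session)
    return flagged


if __name__ == "__main__":
    print(error_burst_then_read(EVENTS))
```
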

Data Protection Dashboards

A data protection dashboard should allow you to see and track your data and data repository risk and compliance posture from a central dashboard. This dashboard will be very useful for your security team as they assess risk. It would also provide insight so that everyone, including executive stakeholders, can see and understand the sensitive data environment.

Dashboards that show dynamic graphical and statistical views can help you clearly visualize the business’s overall security heartbeat. From there, you can plan and take the appropriate action, whether the risk is coming from the inside or the outside.

Collective Intelligence, or the Data Security Neighborhood Watch

It’s important not to forget about the rest of the environment while you’re securing your sensitive data. To that end, an integrated environment in which security components work in harmony can create greater combined intelligence and data protection.

What you want is an intelligent neighborhood watch for data security. When it comes to safeguarding sensitive data, data security, privileged identity management and security intelligence need to support each other with intelligence and analytics that proactively protect the business. For example, by tightly integrating your data security and privileged identity solutions, you can prevent internal threats from rogue shared IDs and from other suspicious users.

With this integration, and by closely monitoring behavior and establishing normal data usage patterns from shared IDs, you should be able to spot abnormal behavior and stop data loss before it happens. For example, you need to be able to block and/or quarantine compromised or disabled shared IDs and identify who was using that ID at the time of an incident.
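The correlation described above, sketched as an added example that is not code from the article or from any vendor product. It joins data-activity records with privileged-identity checkout records to name who held a shared ID at the time of each event, then flags events that fall outside that ID's baseline. All IDs, names, tables and thresholds are constructed for illustration.

```python
from datetime import datetime

# Constructed checkout records: (shared ID, person, checkout start, checkout end).
CHECKOUTS = [
    ("dba_shared", "alice", "2024-03-04T09:00:00", "2024-03-04T10:00:00"),
    ("dba_shared", "bob", "2024-03-04T22:00:00", "2024-03-04T23:00:00"),
]
# Constructed baseline from past activity: tables each shared ID normally
# touches and the largest row count seen for one statement.
BASELINE = {"dba_shared": {"tables": {"orders", "inventory"}, "max_rows": 500}}
# Constructed data-activity records: (time, shared ID, table, rows returned).
ACTIVITY = [
    ("2024-03-04T09:15:00", "dba_shared", "orders", 120),
    ("2024-03-04T22:30:00", "dba_shared", "cardholders", 40000),
    ("2024-03-05T02:10:00", "dba_shared", "orders", 50),
]


def holder(shared_id, when):
    """Return the person who had `shared_id` checked out at `when`, else None."""
    for sid, person, start, end in CHECKOUTS:
        if sid != shared_id:
            continue
        if datetime.fromisoformat(start) <= when <= datetime.fromisoformat(end):
            return person
    return None


def review(activity):
    """Return (time, shared ID, person, reasons) for each event that breaks
    the baseline or happens while nobody has the shared ID checked out."""
    findings = []
    for ts, sid, table, rows in activity:
        person = holder(sid, datetime.fromisoformat(ts))
        base = BASELINE.get(sid, {"tables": set(), "max_rows": 0})
        reasons = []
        if person is None:
            reasons.append("no active checkout")
        if table not in base["tables"]:
            reasons.append("table outside baseline")
        if rows > base["max_rows"]:
            reasons.append("row count above baseline")
        if reasons:
            findings.append((ts, sid, person, reasons))
    return findings


if __name__ == "__main__":
    for finding in review(ACTIVITY):
        print(finding)
```
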

Implementing a Cohesive Security Solution

But there’s still more you can do to take integration and intelligence further to stop threats. By integrating data security with both privileged identity management (PIM) and security information and event management (SIEM) solutions, you gain another layer of protection.

The 360-degree integration between data security and SIEM solutions allows you to detect and prioritize threats in real time before they reach the data source. The two solutions should support each other, automatically correlate events and detect anomalies. They also need to share that information to zero in on high-priority threats.

In this age of the silent holdup, don’t be left wondering whether something bad just happened. With the right data security solution, you’ll be able to leverage more intelligence, insight and agility to spot robbers before they strike — all while eliminating silos, supporting new technologies and reducing costs.

IBM Security Guardium v10.1 supports all these capabilities and can help you start rewriting the script to safeguard sensitive data and spot the robbers regardless of whether they’re impersonating your tellers or walking through the front door.
