Data Protection January 5, 2016
By Christina Thompson 2 min read

Ever hear the expression “don’t let the fox guard the henhouse”? The farmer knows his chickens are valuable and puts them in a safe coop with a lock and a roof, protecting them from external threats such as opossums, cats and hawks.

But what is the farmer doing to protect from within the coop? There are measures the farmer has to take — starting with not inviting the fox inside to be the guard!

Watch Out for the Insider Threat

The threats that companies often overlook come from the inside. While outsiders were found to be responsible for 45 percent of the cyberattacks recorded in 2014, 55 percent of attacks were carried out by those who had insider access to organizations’ systems.

Download the white Paper: Get Smart to Shut Down Insider Threats

The insider threat encompasses not only malicious employees who want to do harm, but also compromised corporate IDs and credentials — for example, a user who inadvertently clicks on a suspicious email attachment that exposes the system (and possibly the corporate network) to malware is an insider threat.

Additionally, trusted third-party contractors also count as an insider threat since they have access and entitlements to systems and data that mirror those of direct employees. These can include electricians, construction workers or other repair personnel who come into physical locations or have access to networks. Abusing this type of third-party access demonstrates that attackers can steal third-party credentials and gain access into networks.

Given the complexity of securing sensitive data against internal and external risks, data security is not a one-and-done event; it’s an ongoing process that must be continuously managed, monitored, enhanced and audited across the entire organization. Data security must be deployed as a process that integrates with other security practices (in particular, identity and access management and vulnerability management) as well as other critical business processes.

How to Form the Security Program

Just like the farmer building a safe environment for his chickens, organizations must build strong security programs to defend and protect against new and emerging threats — such as SQL injection, cross-site scripting and privileged insider breaches, just to name a few — based on the best practices for database security and compliance.

A strong security program can help protect organizations from the external and insider threat by helping them:

  • Prevent data breaches, insider risk, fraud and unauthorized changes to or the destruction of sensitive data;
  • Monitor privileged users such as database administrators, developers, IT administrators, outsourced personnel, etc.;
  • Virtually eliminate the overhead and complexity of native DBMS, big data and file system audit logs;
  • Automate compliance reporting, vulnerability and configuration assessments and data discovery;
  • Encrypt files;
  • Mask confidential data in test, training and development systems;
  • Redact unstructured data in documents, forms and graphics at rest or dynamically.
 | 
Christina Thompson
Portfolio Marketing Manager, IBM

Christina Francese Thompson is a Portfolio Marketing Manager for IBM Security Guardium on the Security Marketing team. She initially joined IBM 11 years ago ...

More from Data Protection
Cloud Security   March 15, 2023

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Data Protection   March 7, 2023

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…

Data Protection   March 1, 2023

The Digital World is Changing Fast: Data Discovery Can Help

The rise in digital technology is creating opportunities for individuals and organizations to achieve unprecedented success. It’s also creating new challenges, particularly in protecting sensitive personal and financial information. Personally identifiable information (PII) is trivial to manage. It’s often spread across multiple locations and formats and can be challenging to find and classify. Organizations need a modern data discovery and classification solution to identify sensitive data across physical, virtual and public clouds. The Current State of Sensitive Data Discovery and…

Intelligence & Analytics   February 21, 2023

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature