What threat do you consider the greatest risk to your data’s security? Would you believe the answer should be your own users?

While you’re busy guarding the perimeter, insiders can cause significant damage and financial loss. According to the “IBM 2016 Cyber Security Intelligence Index,” 60 percent of data breaches are caused by insider threats.

Guarding the Crown Jewels

India’s information technology and business process management (IT-BPM) industry sector continues to be one of the largest employers in the country, directly employing nearly 3.7 million professionals. According to NASSCOM, the industry generated revenues of $143 billion in FY 2016. Any security breach in this sector could damage India’s image as a secure services partner of companies around the world.

With more frequent insider attacks, it is important for organizations to take a closer look at how they manage privileged users. These are individuals with access to an organization’s critical data — the crown jewels to cybercriminals.

Defending Against Insider Threats

Whether they are accessing data in insecure locations, deliberately exposing data or exposing their credentials to outside attackers, privileged users can wreak havoc on the most secure infrastructure. If those privileged users aren’t being properly tracked and monitored, there’s no way of knowing which assets are being compromised.

Below are some tips to help organizations protect against insider threats:

Integrate Privileged User Management Processes With HR Systems

Organizations are in a constant state of flux — projects and initiatives start, finish or are abandoned, which brings in new employees, contractors and suppliers and alters the data stored on different systems. It only gets harder as people change roles or leave over time.

According to a recent survey, when employees leave a company, they frequently take sensitive data with them: About 88 percent of respondents took company strategy documents and/or presentations, 31 percent took customer contact lists and 25 percent took intellectual property.

It is extremely important that users, accounts, roles and privileges are in sync. This means that an organization’s HR systems need to be fully integrated with its privilege management processes.

Use Context-Aware Authentication

Context-aware authentication can protect against intrusion attempts by making it more difficult to compromise privileged users. This is because accounts that require such authentication for logins cannot be accessed remotely unless the attacker can clear context-aware security checks such as user location, network address or the time of day.

Apply Privileged Identity Management (PIM) and Data Security Solutions

Detecting unusual activity around sensitive data by a privileged account is often the first observable indicator of an attack. It is essential to have a data security solution that supports entitlement reporting and can pair with real-time, automated analytics to spot unusual behavior.

Minimizing the Threat

While the threat of data theft and breaches caused by insider threats cannot be completely eliminated in India or elsewhere, it can certainly be minimized with proper planning and considerations discussed above. Organizations can go a long way towards an effective defense against insider threats by managing their privileged users more efficiently.

Read the full research report: Battling security threats from within your organization

More from Identity & Access

How to Keep Your Secrets Safe: A Password Primer

There are two kinds of companies in the world: those that have been breached by criminals, and those that have been breached and don't know it yet. Criminals are relentless. Today’s cyberattacks have evolved into high-level espionage perpetrated by robust criminal organizations or nation-states. In the era of software as a service (SaaS), enterprise data is more likely to be stored on the cloud rather than on prem. Using sophisticated cloud scanning software, criminals can breach an enterprise system within…

Making the Leap: The Risks and Benefits of Passwordless Authentication

The password isn't going anywhere. Passwordless authentication is gaining momentum, though. It appears to be winning the battle of how companies are choosing to log in. Like it or not, the security industry must contend with both in the future.  But for some businesses and agencies, going passwordless is the clear strategy. Microsoft, for instance, has recently stopped forcing users to use a password to access their account, which allows access to a wide range of Microsoft business and personal…

Old Habits Die Hard: New Report Finds Businesses Still Introducing Security Risk into Cloud Environments

While cloud computing and its many forms (private, public, hybrid cloud or multi-cloud environments) have become ubiquitous with innovation and growth over the past decade, cybercriminals have closely watched the migration and introduced innovations of their own to exploit the platforms. Most of these exploits are based on poor configurations and human error. New IBM Security X-Force data reveals that many cloud-adopting businesses are falling behind on basic security best practices, introducing more risk to their organizations. Shedding light on…

Why Your Success Depends on Your IAM Capability

It’s truly universal: if you require your workforce, customers, patients, citizens, constituents, students, teachers… anyone, to register before digitally accessing information or buying goods or services, you are enabling that interaction with identity and access management (IAM). Many IAM vendors talk about how IAM solutions can be an enabler for productivity, about the return on investment (ROI) that can be achieved after successfully rolling out an identity strategy. They all talk about reduction in friction, improving users' perception of the…