Organizations across the globe uncover new and better ways to leverage their customer data every day. But as these digital assets become more valuable to their corporate owners, they also become more appealing to cybercriminals.
Cybercrime, and particularly data theft, has evolved into an exceptionally lucrative offense in recent years. As a result, it’s attracting a broader variety of perpetrators.
Today, your organization’s database is more likely to be breached by someone you know — an employee, third-party contractor or partner — than a faceless fraudster from overseas. In fact, 60 percent of attacks are caused by insider threats, according to the “IBM 2016 Cyber Security Intelligence Index,” and the number of internal records leaked across the world has reached approximately 1 billion.
The stakes are high, and there’s more on the table than just bottom-line losses from financial crime. When critical information goes missing, organizations face increased scrutiny of their compliance activities, the possibility of regulatory penalties and, in this age of viral news, fast-spreading reputational and brand damage.
Furthermore, it takes security teams an average of 201 days to identify a data breach, suggesting that extensive damage can be done before responsive steps can even begin.
The Nature of the Beast
Why is this happening? Consider the complexity of the information environment as a whole: Given the accelerating growth of data within today’s organizational environments, the complexity of regulations and compliance requirements, and the ever-present threat of internal and external attacks, organizations face an enormous challenge before they ever purchase a server or install a system.
Even once you’ve installed information and security systems, there’s still often a problem embedded in your infrastructure. In this case, the beast whose very nature may be compromising your data is the database itself.
Database servers contain your most valuable information, such as financial, credit card, patient and other records. Not only do they contain large amounts of critical data, but they are also intentionally constructed to be easily searched and queried in multiple ways. Individuals within your company have numerous entry points to information and many ways to bypass traditional safeguards, including simply extracting it from servers that have been stolen or are no longer in use.
Intentional and Unintentional Threats
The nature of the database enables two key internal threat types: intentional threats, which are created by individuals with specific criminal or otherwise malicious intent; and unintentional threats, which are typically the result of human error. It’s kind of like someone stealing your chained-up bike versus you forgetting to lock it.
Intentional threats generally refer to employees with direct data access or specific privileges, such as the database administrator, system administrator or application administrator, downloading or tampering with data. These tend to be particularly insidious because they are so hard to defend against. Although red flags do exist — such as employees in financial trouble, those who are disgruntled or even those who work in environments with low morale — most organizations lack formal processes for identifying these markers in advance.
Unintentional threats occur when no one is necessarily actively trying to steal data, but the information is left unprotected without anyone knowing it. This can result from database misconfiguration, unauthorized user ID sharing, data exposure during testing and disposing of storage devices without properly cleaning them.
The Full Data Picture
Security teams are further challenged by a general lack of visibility into the full data picture and a poor corporate understanding as to what data is actually at risk. Organizations often lack the ability to identify critical data embedded at various points within their systems and servers.
On top of that, organizations may not know where to look in the first place, how to determine which systems and servers are actually at risk, or how to prioritize them. If you don’t know where critical data lies, how can you protect it?
Defending Your Database
Today’s organizations must have data protection solutions capable of keeping critical data safe from internal threats. These solutions must stop criminals from actively stealing information and also prevent accidental leaks caused by unintended weaknesses in database structure, management or controls.
CTO for Data Security, IBM
Walid Rjaibi is Distinguished Engineer and Chief Technology Officer (CTO) for Data Security with IBM in Toronto, Canada. Prior to his current role, Walid was...