November 29, 2016 By Laurène Hummer 3 min read

Each day, in every corporation, school, government organization and nonprofit, people are generating great value for the economy by creating, manipulating and interacting with precious information. In fact, much of the value in today’s economy is created and stored digitally, from intellectual property, trade secrets and customer lists to the actual dollars they generate. At the same time, cybercriminals are engineering complex breaches to access and steal that information.

Security Starts With People

In both scenarios, the story starts with people, which is why security must start there as well. To prevent cybercriminals from stealing the fruits of their labor, organizations must know who their people are and understand what they do.

The identities of your trusted users remain a major attack vector. In fact, 63 percent of confirmed data breaches involved weak or stolen passwords, per Verizon’s “2016 Data Breach Investigations Report.” In addition to proving that security starts with people, this troubling statistic tells us two things. First, it’s critical to know whether an impostor is leveraging stolen credentials. The best way to prevent a breach is to gauge the risk of an access request coming from an impostor and respond quickly by locking the account. Second, passwords are just not strong enough to assure the identities of users accessing sensitive information.

For example, let’s say a U.S.-based engineer usually accesses proprietary code from his or her work laptop in the office during normal workday hours. Now this same employee is trying to access that information from China in the middle of the night using an unrecognized tablet. This is likely an impostor leveraging stolen credentials, so it’s imperative that organizations recognize these types of requests. If, by chance, it really is the legitimate employee on a business trip, this employee must have the tools, such as biometric authentication, to prove his or her identity with a high degree of assurance.

Strong authentication is necessary to address both of these issues. Access policies that take the context of the request into consideration, coupled with a variety of user-friendly, strong authentication methods, can increase security without compromising productivity.

Minimizing the Insider Threat

As painful as it is to admit, sometimes security threats come from within our own walls. In 2015, IBM X-Force found that 44.5 percent of attacks against corporations involved a malicious insider. Employees or third parties with privileged access to sensitive data carry the greatest risks. They have the potential to inflict maximum damage and can be hard to detect because they regularly manipulate sensitive information for their jobs.

To protect against insider threats, it is best to take a two-pronged approach. First, reduce exposure to harmful insider actions by putting the right security measures in place around sensitive data and ensuring access is granted only to those who truly need it. Identity governance, user life cycle management and the right access policies play a key role in minimizing risk.

For users who legitimately need access to sensitive information, organizations must be able to detect insider threats. Enterprises can greatly reduce the potential damage of an attack by anticipating the risk of malicious actions before they occur and responding promptly when breached.

Let’s say, for example, that a financial analyst generally accesses revenue data once or twice at the end of the quarter, but has gone in five times this week and it’s nowhere near the quarter’s end. HR data indicates this individual was denied a promotion. These risk factors isolate the employee’s behavior among millions of other transaction points for additional investigation.

Organizations can observe users’ behaviors while respecting their right to confidentiality, striking a balance between security and privacy. Available corporate data, when evaluated jointly with transactional patterns, can offer insights on the risks of malicious behaviors.

What’s Next?

IBM announced several product enhancements and a new service offering to help customers know their people and understand what they do. IBM Verify, a mobile multifactor authentication capability, assists organizations in knowing their users and protecting themselves with simple, strong authentication using mobile biometrics.

IBM also strengthened the capabilities of its governance and privileged identity management tools to reduce risk and protect your most sensitive data. These solutions use business activities and actionable dashboards to identify risky access and act upon it quickly and easily. Additionally, IBM announced a new insider threat protection offering to help customers address the security gaps insiders might exploit with an approach that provides clear, actionable intelligence.

Fight Back Against Insider Threats — Join the Dec. 14 webinar to learn how

More from Identity & Access

Another category? Why we need ITDR

5 min read - Technologists are understandably suffering from category fatigue. This fatigue can be more pronounced within security than in any other sub-sector of IT. Do the use cases and risks of today warrant identity threat detection and response (ITDR)? To address this question, we work backwards from the vulnerabilities, threats, misconfigurations and attacks that IDTR specializes in providing visibility into. As identity threat detection and response (ITDR) technology evolves, one of the most common queries we get is: “Why do we need…

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today