Security Starts With People: Know Who They Are, Know What They Do

November 29, 2016

Each day, in every corporation, school, government organization and nonprofit, people are generating great value for the economy by creating, manipulating and interacting with precious information. In fact, much of the value in today’s economy is created and stored digitally, from intellectual property, trade secrets and customer lists to the actual dollars they generate. At the same time, cybercriminals are engineering complex breaches to access and steal that information.

Security Starts With People

In both scenarios, the story starts with people, which is why security must start there as well. To keep cybercriminals from stealing the fruits of that labor, organizations must know who their people are and understand what they do.

The identities of your trusted users remain a major attack vector. In fact, 63 percent of confirmed data breaches involved weak or stolen passwords, per Verizon’s “2016 Data Breach Investigations Report.” In addition to proving that security starts with people, this troubling statistic tells us two things. First, it’s critical to know whether an impostor is leveraging stolen credentials. The best way to prevent a breach is to gauge the risk of an access request coming from an impostor and respond quickly by locking the account. Second, passwords are just not strong enough to assure the identities of users accessing sensitive information.

For example, let’s say a U.S.-based engineer usually accesses proprietary code from his or her work laptop in the office during normal workday hours. Now this same employee is trying to access that information from China in the middle of the night using an unrecognized tablet. This is likely an impostor leveraging stolen credentials, so it’s imperative that organizations recognize these types of requests. If, by chance, it really is the legitimate employee on a business trip, this employee must have the tools, such as biometric authentication, to prove his or her identity with a high degree of assurance.

Strong authentication is necessary to address both of these issues. Access policies that take the context of the request into consideration, coupled with a variety of user-friendly, strong authentication methods, can increase security without compromising productivity.
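The context-aware access policy described above can be sketched as a small decision function. This is an added example, not IBM code: the factor weights, the step-up threshold and all names are assumptions chosen to mirror the engineer scenario, and the sample requests are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime

# Hypothetical weights and threshold; a real deployment tunes these on its own data.
WEIGHTS = {"new_country": 40, "unknown_device": 30, "off_hours": 20}
STEP_UP_AT = 30

@dataclass
class Profile:                      # what is normal for one user
    home_country: str
    known_devices: set = field(default_factory=set)
    work_start: int = 8             # normal workday, hours in the home time zone
    work_end: int = 18

@dataclass
class Request:
    country: str
    device_id: str
    home_time: datetime             # request time converted to the home time zone

def risk_factors(profile, req):
    """List every way the request departs from the user's usual context."""
    factors = []
    if req.country != profile.home_country:
        factors.append("new_country")
    if req.device_id not in profile.known_devices:
        factors.append("unknown_device")
    if not profile.work_start <= req.home_time.hour < profile.work_end:
        factors.append("off_hours")
    return factors

def decide(profile, req, strong_auth_passed=None):
    """Return (decision, score). strong_auth_passed is None until a step-up
    challenge (for example a biometric check) has been attempted."""
    score = sum(WEIGHTS[f] for f in risk_factors(profile, req))
    if score < STEP_UP_AT:
        return "allow", score              # familiar context: password is enough
    if strong_auth_passed is None:
        return "step_up", score            # ask for strong authentication
    if strong_auth_passed:
        return "allow", score              # the traveling employee proved identity
    return "lock_account", score           # likely impostor with stolen credentials

# Constructed sample data matching the scenario in the text.
ENGINEER = Profile("US", {"laptop-0042"})
OFFICE = Request("US", "laptop-0042", datetime(2016, 11, 29, 10, 30))
ABROAD = Request("CN", "tablet-unknown", datetime(2016, 11, 30, 3, 0))
```

The unusual request is never rejected outright: it is challenged first, and the account is locked only when the strong authentication step fails.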

Minimizing the Insider Threat

As painful as it is to admit, sometimes security threats come from within our own walls. In 2015, IBM X-Force found that 44.5 percent of attacks against corporations involved a malicious insider. Employees or third parties with privileged access to sensitive data carry the greatest risks. They have the potential to inflict maximum damage and can be hard to detect because they regularly manipulate sensitive information for their jobs.

To protect against insider threats, it is best to take a two-pronged approach. First, reduce exposure to harmful insider actions by putting the right security measures in place around sensitive data and ensuring access is granted only to those who truly need it. Identity governance, user life cycle management and the right access policies play a key role in minimizing risk.

Second, for users who legitimately need access to sensitive information, organizations must be able to detect insider threats. Enterprises can greatly reduce the potential damage of an attack by anticipating the risk of malicious actions before they occur and responding promptly when breached.

Let’s say, for example, that a financial analyst generally accesses revenue data once or twice at the end of the quarter, but has gone in five times this week and it’s nowhere near the quarter’s end. HR data indicates this individual was denied a promotion. These risk factors isolate the employee’s behavior among millions of other transaction points for additional investigation.

Organizations can observe users’ behaviors while respecting their right to confidentiality, striking a balance between security and privacy. Available corporate data, when evaluated jointly with transactional patterns, can offer insights on the risks of malicious behaviors.
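The financial analyst scenario above, worked as detection logic: transactional patterns are compared with the user's own baseline, and corporate context only raises the priority of behavior that is already unusual. This is an added example, not IBM code; the 14-day quarter-end window, the priority labels and all names are assumptions, and the access dates are constructed.

```python
from collections import Counter
from datetime import date

QUARTER_ENDS = [(3, 31), (6, 30), (9, 30), (12, 31)]

def days_to_quarter_end(d):
    """Days from d to the next quarter end (0 on the last day of a quarter)."""
    ends = [date(d.year, m, day) for m, day in QUARTER_ENDS]
    return min((e - d).days for e in ends if e >= d)

def baseline_weekly_max(history):
    """Highest number of accesses the user has made in any one ISO week."""
    per_week = Counter(tuple(d.isocalendar())[:2] for d in history)
    return max(per_week.values(), default=0)

def assess(history, this_week, hr_flags, window_days=14):
    """Return (priority, reasons) for one user's accesses in the week under review.
    window_days is an assumed definition of 'near the quarter's end'."""
    reasons = []
    limit = baseline_weekly_max(history)
    if len(this_week) > limit:
        reasons.append(f"volume: {len(this_week)} accesses, baseline max {limit}")
    off_cycle = [d for d in this_week if days_to_quarter_end(d) > window_days]
    if off_cycle:
        reasons.append(f"timing: {len(off_cycle)} accesses outside quarter-end window")
    if not reasons:
        return "normal", []          # an HR flag alone never opens a case
    if hr_flags:
        reasons += [f"context: {flag}" for flag in hr_flags]
        return "investigate", reasons
    return "watch", reasons

# Constructed sample data: one or two accesses at each quarter end, then five
# accesses in a single week in early November.
HISTORY = [date(2016, 3, 30), date(2016, 3, 31), date(2016, 6, 29),
           date(2016, 6, 30), date(2016, 9, 30)]
THIS_WEEK = [date(2016, 11, day) for day in range(7, 12)]
```

Because a flag from HR data never produces a finding without a behavioral deviation, most users are never singled out by the check, which is one way to keep the balance between security and privacy the text describes.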

What’s Next?

IBM announced several product enhancements and a new service offering to help customers know their people and understand what they do. IBM Verify, a mobile multifactor authentication capability, assists organizations in knowing their users and protecting themselves with simple, strong authentication using mobile biometrics.

IBM also strengthened the capabilities of its governance and privileged identity management tools to reduce risk and protect your most sensitive data. These solutions use business activities and actionable dashboards to identify risky access and act upon it quickly and easily. Additionally, IBM announced a new insider threat protection offering to help customers address the security gaps insiders might exploit with an approach that provides clear, actionable intelligence.


Laurène Hummer
Offering Manager for IAM Services, IBM Security

Laurène Hummer is the offering manager for Identity and Access Management Services at IBM. In this role, she defines, designs and delivers service offerings...