Light Dark
November 13, 2017 By Aubre Andrus 3 min read
Data Protection
Topics

The Emperor was the greatest chief information security officer (CISO) in the land. He felt like the inside of his digital castle was as safe as it could be — there were no external attacks to be found. Any fraudster who tried to scale those walls would be caught immediately thanks to the oodles of protections he had put in place. No outsider would be able to access the Emperor’s priceless data unless he or she were invited to the party. Inside his castle was a happy place. Those who were invited within its walls were greeted with complete trust and friendliness.

That’s why this particular day was so unusual. The Emperor’s security team was alerted to a few peculiar breaches. Someone had accessed some ultrasensitive data, and the crown jewels were at risk! Having this kind of intellectual property stolen was bad news — very bad news. What was the Emperor to do?

The Naked Truth About Insider Threats

He immediately looked outside the castle walls. Who could have broken through his blocks and barricades? He rallied his team and told them to look outward to identify the threat. “Add more firewalls, more authentications!” The Emperor shouted. “Keep everyone out of these walls!” He was frantic now. The crown jewels were irreplaceable.

“Have you considered internal threats, sir?” one security team member suggested.

“Well, of course, but I trust my people!” the Emperor responded as he looked around the room. “No one would do this to me. Keep searching!”

The members of the security team kept their heads down. They couldn’t argue with the Emperor. They kept monitoring the system and looking for the cause of the breach, but it was too late.

“Sir, the data — it’s all been compromised!” another security team member yelled.

Now the Emperor was completely dismayed. He paced the hallways and stopped in front of the window. He looked beyond his walls and wondered out loud, “Who is doing this to us?” His own reflection stared back at him, as did the reflections of all his employees working chaotically within the castle walls.

Suddenly, the Emperor was reminded of a time long ago when he trusted someone dearly, but ended up being completely exposed and taken advantage of. Once again, he felt naked in front of everyone. “The culprit is within our very own walls!” he bellowed. He was sure of it now — insider threats were real, not imaginary. “How could I have been so trusting?”

With the Emperor’s permission, the members of the security team could now focus their attention internally. It didn’t take long for them to find exactly what they were looking for: One of the Emperor’s most trusted advisors, a database admin, had been secretly accessing data in the middle of the night for the past few weeks. Because she was a privileged user, the Emperor’s security team hadn’t even bothered monitoring her habits. That is, until it was too late.

“Never again!” The Emperor cried. “This is the last time I let my guard down.”

Guarding the Castle’s Crown Jewels

Data is always changing hands and moving around, with more users accessing it with greater frequency than ever before. Knowing who is accessing that data is step one in preventing insider threats. These can include both malicious actors who are specifically trying to exfiltrate data for personal gain and inadvertent actors who may accidentally click an infected link or download an email attachment that loads malware onto their machines.

Needless to say, the Emperor learned the importance of putting up his guard. Well, his Guardium, which delivers real-time monitoring so security professionals can see who is accessing what data (including even the most privileged users), where and when, as well as continuous analysis of this data to uncover unauthorized or suspicious activities and trends over time. From now on, the Emperor’s data is safe. And he knows that protecting against insider threats, whether accidental or malicious, is key to preventing data breaches.

Read the white paper: Get smart to shut down insider threats

Click here to read more lessons in security and discover how all our favorite fairy tale characters learned to live securely ever after.

 |  |  |  | 
Aubre Andrus
Children's Book Author

More from Data Protection
October 24, 2024

3 proven use cases for AI in preventative cybersecurity

3 min read - IBM’s Cost of a Data Breach Report 2024 highlights a ground-breaking finding: The application of AI-powered automation in prevention has saved organizations an average of $2.2 million.Enterprises have been using AI for years in detection, investigation and response. However, as attack surfaces expand, security leaders must adopt a more proactive stance.Here are three ways how AI is helping to make that possible:1. Attack surface management: Proactive defense with AIIncreased complexity and interconnectedness are a growing headache for security teams, and…

October 22, 2024

What NIST’s post-quantum cryptography standards mean for data security

2 min read - Data security is the cornerstone of every business operation. Today, the security of sensitive data and communication depends on traditional cryptography methods, such as the RSA algorithm. While such algorithms secure against today’s threats, organizations must continue to look forward and begin to prepare against upcoming risk factors.The National Institute of Standards and Technology (NIST) published its first set of post-quantum cryptography (PQC) standards. This landmark announcement is an important marker in the modern cybersecurity landscape, cementing the indeterminate future…

October 22, 2024

Best practices on securing your AI deployment

4 min read - As organizations embrace generative AI, there are a host of benefits that they are expecting from these projects—from efficiency and productivity gains to improved speed of business to more innovation in products and services. However, one factor that forms a critical part of this AI innovation is trust. Trustworthy AI relies on understanding how the AI works and how it makes decisions.According to a survey of C-suite executives from the IBM Institute for Business Value, 82% of respondents say secure and…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature