November 13, 2017 By Aubre Andrus 3 min read

The Emperor was the greatest chief information security officer (CISO) in the land. He felt like the inside of his digital castle was as safe as it could be — there were no external attacks to be found. Any fraudster who tried to scale those walls would be caught immediately thanks to the oodles of protections he had put in place. No outsider would be able to access the Emperor’s priceless data unless he or she were invited to the party. Inside his castle was a happy place. Those who were invited within its walls were greeted with complete trust and friendliness.

That’s why this particular day was so unusual. The Emperor’s security team was alerted to a few peculiar breaches. Someone had accessed some ultrasensitive data, and the crown jewels were at risk! Having this kind of intellectual property stolen was bad news — very bad news. What was the Emperor to do?

The Naked Truth About Insider Threats

He immediately looked outside the castle walls. Who could have broken through his blocks and barricades? He rallied his team and told them to look outward to identify the threat. “Add more firewalls, more authentications!” The Emperor shouted. “Keep everyone out of these walls!” He was frantic now. The crown jewels were irreplaceable.

“Have you considered internal threats, sir?” one security team member suggested.

“Well, of course, but I trust my people!” the Emperor responded as he looked around the room. “No one would do this to me. Keep searching!”

The members of the security team kept their heads down. They couldn’t argue with the Emperor. They kept monitoring the system and looking for the cause of the breach, but it was too late.

“Sir, the data — it’s all been compromised!” another security team member yelled.

Now the Emperor was completely dismayed. He paced the hallways and stopped in front of the window. He looked beyond his walls and wondered out loud, “Who is doing this to us?” His own reflection stared back at him, as did the reflections of all his employees working chaotically within the castle walls.

Suddenly, the Emperor was reminded of a time long ago when he trusted someone dearly, but ended up being completely exposed and taken advantage of. Once again, he felt naked in front of everyone. “The culprit is within our very own walls!” he bellowed. He was sure of it now — insider threats were real, not imaginary. “How could I have been so trusting?”

With the Emperor’s permission, the members of the security team could now focus their attention internally. It didn’t take long for them to find exactly what they were looking for: One of the Emperor’s most trusted advisors, a database admin, had been secretly accessing data in the middle of the night for the past few weeks. Because she was a privileged user, the Emperor’s security team hadn’t even bothered monitoring her habits. That is, until it was too late.

“Never again!” The Emperor cried. “This is the last time I let my guard down.”

Guarding the Castle’s Crown Jewels

Data is always changing hands and moving around, with more users accessing it with greater frequency than ever before. Knowing who is accessing that data is step one in preventing insider threats. These can include both malicious actors who are specifically trying to exfiltrate data for personal gain and inadvertent actors who may accidentally click an infected link or download an email attachment that loads malware onto their machines.

Needless to say, the Emperor learned the importance of putting up his guard. Well, his Guardium, which delivers real-time monitoring so security professionals can see who is accessing what data (including even the most privileged users), where and when, as well as continuous analysis of this data to uncover unauthorized or suspicious activities and trends over time. From now on, the Emperor’s data is safe. And he knows that protecting against insider threats, whether accidental or malicious, is key to preventing data breaches.

Read the white paper: Get smart to shut down insider threats

Click here to read more lessons in security and discover how all our favorite fairy tale characters learned to live securely ever after.

More from Data Protection

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today