Light Dark
March 18, 2016 By Leslie Wiggins 4 min read
Data Protection

Major League Baseball’s spring training will wrap up in a matter of weeks, and baseball stadiums everywhere are getting ready for opening day — you might even be able to smell the peanuts already. But when it comes to your sensitive data security, do you know who’s on first? More importantly, do you know who’s stealing home — and potentially stealing your sensitive data, too?

Unfortunately, most organizations don’t have this much awareness of or control over insiders accessing sensitive data. Sometimes they have no awareness of who has access to sensitive data. This is particularly problematic and risky when it comes to privileged users, who have access to everything important.

What’s even more interesting is that a 2015 IBM X-Force report indicated that 55 percent of all attacks are related to insider threats. Similarly, findings from PwC’s “2015 Information Security Breaches Survey” in the U.K. found that “75 percent of large organizations and 31 percent of small businesses suffered from staff-related security breaches in the last year.” To make matters worse, exactly half of the worst breaches were caused by human error.

Who Represents an Insider Threat?

When it comes to insider threats, there are several types of risks to watch for.

Organizations tend to be more sensitive to disgruntled or malicious employees that represent risks. Those risks can range from causing minor disruptions or embarrassment because of a disgruntled employee to major disruptions and brand damage from sensitive data being leaked or destroyed.

However, there are two other types of insider risks that tend to be more overlooked: the third party with access to sensitive systems or data and the employee who falls victim to schemes. Any of us can end up being that employee under certain circumstances.

If they have access to sensitive data or systems, third parties such as suppliers or outsourced IT teams should be monitored as if they are a standard part of the organization. It’s any of these insiders with privileged access to sensitive data and systems that represent the greatest risk. They need to be evaluated and monitored closely to reduced risks.

DOWNLOAD THE X-FORCE THREAT INTELLIGENCE REPORT: THREATS FROM INSIDE

Getting Started: Know Your Users and Data

It’s not all gloom and doom. There is a simple way to start taking control and reducing risk. There are just two things you need to do: Know your users and know your data!

When it comes to knowing your users, you need to start answering the following questions:

  1. Who has access to sensitive data?
  2. Who should have access?
  3. What are users doing with data?
  4. What are administrators doing with data?

Likewise, when it comes to knowing your data, begin thinking through and determining the answers to these four questions:

  1. What data is sensitive and where does it live?
  2. Is the right sensitive data being exposed to the right users?
  3. What risk is associated with sensitive data?
  4. Can you control privileged user access to sensitive data?

Identity management and data security technologies exist to make answering and resolving these questions easier. You can get started by just sitting down and considering your top sensitive systems and who has access to them. You’ll start to get a feel for your risks and exposures very quickly.

When you want to take a more controlled look at knowing your users, there are two important things you need to put into action: You must manage access, and you must trust but verify. When managing privileged access, it’s critical never to allow users direct access to sensitive systems or to the master password that will provide access to those systems. By having privileged users log in under a personal user ID and password, which triggers a hidden master password to open access, you are able to learn who is accessing data and take specific action if any risks emerge.

Then, you must trust but verify. Allow privileged users to have the access they need, but record and monitor their sessions. This way, you create a record of their activities, identify what’s gone wrong and take appropriate action.

Essential Capabilities for Data Security

There are a few capabilities that are essential to taking a closer look at your data. The first is automated discovery and classification of sensitive data. Frequently, sensitive data occurs in more systems than you would think; for example, one client IBM worked with thought it had sensitive data in 20 systems, but that number actually ended up being 200 systems. Automated discovery and classification is important because if you don’t know where your sensitive data is, you can’t possibly protect it.

The second essential capability is real-time data activity monitoring combined with entitlement reporting. By leveraging these capabilities, you can see who is accessing sensitive data. When paired with automated analytics and machine learning, real-time data activity monitoring can help you establish a baseline of normal user behavior and then spot unusual behavior or access patterns.

Finally, the third essential capability is to take immediate action to safeguard sensitive data to prevent loss. By leveraging a solution that allows you to preset security policies, that solution can take action for you if unusual behavior does occur. It can block access, alert the security team or quarantine suspicious users until investigation can be completed.

For the greatest protection against insider threats, you should rely on an integrated security landscape where your privileged identity management solution and your data security solution work with the broader security environment for the greatest degree of intelligence and protection.

Learn more: read the X-FORCE THREAT INTELLIGENCE REPORT on Insider Threats

 |  |  | 
Leslie Wiggins
Program Director, IBM Security

More from Data Protection
November 19, 2024

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

November 8, 2024

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

November 7, 2024

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature