March 18, 2016 By Leslie Wiggins

Major League Baseball’s spring training will wrap up in a matter of weeks, and baseball stadiums everywhere are getting ready for opening day — you might even be able to smell the peanuts already. But when it comes to your sensitive data security, do you know who’s on first? More importantly, do you know who’s stealing home — and potentially stealing your sensitive data, too?

Unfortunately, most organizations don’t have this much awareness of or control over insiders accessing sensitive data. Sometimes they have no awareness of who has access to sensitive data. This is particularly problematic and risky when it comes to privileged users, who have access to everything important.

What’s even more interesting is that a 2015 IBM X-Force report indicated that 55 percent of all attacks are related to insider threats. Similarly, PwC’s “2015 Information Security Breaches Survey” in the U.K. found that “75 percent of large organizations and 31 percent of small businesses suffered from staff-related security breaches in the last year.” To make matters worse, exactly half of the worst breaches were caused by human error.

Who Represents an Insider Threat?

When it comes to insider threats, there are several types of risks to watch for.

Organizations tend to be more sensitive to the risks posed by disgruntled or malicious employees. Those risks can range from minor disruptions or embarrassment caused by a disgruntled employee to major disruptions and brand damage from sensitive data being leaked or destroyed.

However, there are two other types of insider risks that tend to be more overlooked: the third party with access to sensitive systems or data and the employee who falls victim to schemes. Any of us can end up being that employee under certain circumstances.

If they have access to sensitive data or systems, third parties such as suppliers or outsourced IT teams should be monitored as if they are a standard part of the organization. Any of these insiders with privileged access to sensitive data and systems represents the greatest risk. They need to be evaluated and monitored closely to reduce risks.


Getting Started: Know Your Users and Data

It’s not all gloom and doom. There is a simple way to start taking control and reducing risk. There are just two things you need to do: Know your users and know your data!

When it comes to knowing your users, you need to start answering the following questions:

  1. Who has access to sensitive data?
  2. Who should have access?
  3. What are users doing with data?
  4. What are administrators doing with data?

Likewise, when it comes to knowing your data, begin thinking through and determining the answers to these four questions:

  1. What data is sensitive and where does it live?
  2. Is the right sensitive data being exposed to the right users?
  3. What risk is associated with sensitive data?
  4. Can you control privileged user access to sensitive data?

Identity management and data security technologies exist to make answering and resolving these questions easier. You can get started by just sitting down and considering your top sensitive systems and who has access to them. You’ll start to get a feel for your risks and exposures very quickly.

When you want to take a more controlled look at knowing your users, there are two important things you need to put into action: You must manage access, and you must trust but verify. When managing privileged access, it’s critical never to allow users direct access to sensitive systems or to the master password that will provide access to those systems. By having privileged users log in under a personal user ID and password, which triggers a hidden master password to open access, you are able to learn who is accessing data and take specific action if any risks emerge.

Then, you must trust but verify. Allow privileged users to have the access they need, but record and monitor their sessions. This way, you create a record of their activities, identify what’s gone wrong and take appropriate action.

Essential Capabilities for Data Security

There are a few capabilities that are essential to taking a closer look at your data. The first is automated discovery and classification of sensitive data. Frequently, sensitive data occurs in more systems than you would think; for example, one client IBM worked with thought it had sensitive data in 20 systems, but that number actually ended up being 200 systems. Automated discovery and classification is important because if you don’t know where your sensitive data is, you can’t possibly protect it.

The second essential capability is real-time data activity monitoring combined with entitlement reporting. By leveraging these capabilities, you can see who is accessing sensitive data. When paired with automated analytics and machine learning, real-time data activity monitoring can help you establish a baseline of normal user behavior and then spot unusual behavior or access patterns.

Finally, the third essential capability is to take immediate action to safeguard sensitive data to prevent loss. A solution that allows you to preset security policies can take action for you if unusual behavior does occur. It can block access, alert the security team or quarantine suspicious users until investigation can be completed.
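The monitoring and preset-policy flow described in the two paragraphs above, as an added example that is not from the original article or from any IBM product: each access event is checked against an entitlement list and a per-user baseline, and each finding maps to a preset action. The user names, table names, thresholds and the finding-to-action mapping are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample history of (user, table, rows_read); not from a real system.
HISTORY = [
    ("alice", "customers", 120), ("alice", "customers", 90),
    ("alice", "customers", 110), ("bob_dba", "customers", 10),
    ("bob_dba", "payroll", 5), ("bob_dba", "payroll", 8),
]
# Entitlement report (assumed): who *should* have access to each sensitive table.
ENTITLED = {"customers": {"alice", "bob_dba"}, "payroll": {"bob_dba", "carol"}}
# Preset policy (assumed mapping): finding -> action taken automatically.
POLICY = {"not_entitled": "block", "new_table": "alert",
          "volume_spike": "quarantine"}

def build_baseline(history):
    """Per (user, table): mean and standard deviation of rows read."""
    rows = defaultdict(list)
    for user, table, n in history:
        rows[(user, table)].append(n)
    return {key: (mean(vals), pstdev(vals)) for key, vals in rows.items()}

def evaluate(event, baseline, sigmas=3.0, min_spread=10.0):
    """Return (finding, action) for one access event."""
    user, table, n = event
    if table not in ENTITLED:            # not classified as sensitive
        return None, "allow"
    if user not in ENTITLED[table]:      # has access but should not
        finding = "not_entitled"
    elif (user, table) not in baseline:  # entitled, but never seen before
        finding = "new_table"
    else:
        mu, sd = baseline[(user, table)]
        # min_spread keeps a near-constant history from flagging tiny changes
        limit = mu + sigmas * max(sd, min_spread)
        finding = "volume_spike" if n > limit else None
    return finding, POLICY.get(finding, "allow")

def monitor(events, history=HISTORY):
    """Evaluate a stream of events against the baseline built from history."""
    baseline = build_baseline(history)
    return [(event, *evaluate(event, baseline)) for event in events]

if __name__ == "__main__":
    for row in monitor([("alice", "payroll", 1), ("carol", "payroll", 3),
                        ("bob_dba", "customers", 5000),
                        ("alice", "customers", 115)]):
        print(row)
```

The privileged account `bob_dba` is entitled to `customers`, so only the baseline check catches the bulk read; entitlement review alone would have allowed it.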

For the greatest protection against insider threats, you should rely on an integrated security landscape where your privileged identity management solution and your data security solution work with the broader security environment for the greatest degree of intelligence and protection.

