Major League Baseball’s spring training will wrap up in a matter of weeks, and baseball stadiums everywhere are getting ready for opening day — you might even be able to smell the peanuts already. But when it comes to your sensitive data security, do you know who’s on first? More importantly, do you know who’s stealing home — and potentially stealing your sensitive data, too?

Unfortunately, most organizations don’t have this much awareness of or control over insiders accessing sensitive data. Sometimes they have no awareness of who has access to sensitive data. This is particularly problematic and risky when it comes to privileged users, who have access to everything important.

What’s even more interesting is that a 2015 IBM X-Force report indicated that 55 percent of all attacks are related to insider threats. Similarly, PwC’s “2015 Information Security Breaches Survey” in the U.K. found that “75 percent of large organizations and 31 percent of small businesses suffered from staff-related security breaches in the last year.” To make matters worse, exactly half of the worst breaches were caused by human error.

Who Represents an Insider Threat?

When it comes to insider threats, there are several types of risks to watch for.

Organizations tend to be more sensitive to the risks that disgruntled or malicious employees represent. Those risks range from minor disruption or embarrassment caused by a disgruntled employee to major disruption and brand damage when sensitive data is leaked or destroyed.

However, there are two other types of insider risks that tend to be more overlooked: the third party with access to sensitive systems or data and the employee who falls victim to schemes. Any of us can end up being that employee under certain circumstances.

If they have access to sensitive data or systems, third parties such as suppliers or outsourced IT teams should be monitored as if they are a standard part of the organization. Any of these insiders with privileged access to sensitive data and systems represents the greatest risk. They need to be evaluated and monitored closely to reduce risks.

Getting Started: Know Your Users and Data

It’s not all gloom and doom. There is a simple way to start taking control and reducing risk. There are just two things you need to do: Know your users and know your data!

When it comes to knowing your users, you need to start answering the following questions:

  1. Who has access to sensitive data?
  2. Who should have access?
  3. What are users doing with data?
  4. What are administrators doing with data?

Likewise, when it comes to knowing your data, begin thinking through and determining the answers to these four questions:

  1. What data is sensitive and where does it live?
  2. Is the right sensitive data being exposed to the right users?
  3. What risk is associated with sensitive data?
  4. Can you control privileged user access to sensitive data?

Identity management and data security technologies exist to make answering and resolving these questions easier. You can get started by just sitting down and considering your top sensitive systems and who has access to them. You’ll start to get a feel for your risks and exposures very quickly.

When you want to take a more controlled look at knowing your users, there are two important things you need to put into action: You must manage access, and you must trust but verify. When managing privileged access, it’s critical never to allow users direct access to sensitive systems or to the master password that will provide access to those systems. By having privileged users log in under a personal user ID and password, which triggers a hidden master password to open access, you are able to learn who is accessing data and take specific action if any risks emerge.

Then, you must trust but verify. Allow privileged users to have the access they need, but record and monitor their sessions. This way, you create a record of their activities, identify what’s gone wrong and take appropriate action.
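The brokered-access pattern described above, sketched as an added example (not code from the original article or from any IBM product): the user authenticates with a personal credential, the broker logs in with the vaulted master password on the user's behalf, and every attempt is attributed to the individual. The class name, method names and the `connect` callback are hypothetical.

```python
import hashlib, hmac, secrets, time

class PrivilegedAccessBroker:
    """Hypothetical broker: the master credential never leaves this object."""

    def __init__(self):
        self._users = {}      # user_id -> (salt, PBKDF2 hash of personal password)
        self._grants = set()  # (user_id, system) pairs approved for privileged access
        self._vault = {}      # system -> master password
        self.audit = []       # record of who tried to reach what, and the outcome

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def enroll(self, user_id, password, systems):
        salt = secrets.token_bytes(16)
        self._users[user_id] = (salt, self._kdf(password, salt))
        self._grants.update((user_id, s) for s in systems)

    def store_master(self, system, master_password):
        self._vault[system] = master_password

    def open_session(self, user_id, password, system, connect):
        # Unknown users still go through the KDF so the check is uniform.
        salt, stored = self._users.get(user_id, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._kdf(password, salt), stored):
            return self._record(user_id, system, "denied: bad credentials")
        if (user_id, system) not in self._grants:
            return self._record(user_id, system, "denied: not entitled")
        session_id = secrets.token_hex(8)
        connect(system, self._vault[system])  # broker logs in; user never sees the secret
        self._record(user_id, system, "opened", session_id)
        return session_id

    def _record(self, user_id, system, outcome, session_id=None):
        self.audit.append({"ts": time.time(), "user": user_id, "system": system,
                           "outcome": outcome, "session": session_id})
        return None

if __name__ == "__main__":
    broker = PrivilegedAccessBroker()
    broker.store_master("payroll-db", "constructed-master-secret")
    broker.enroll("alice", "alice-personal-pw", ["payroll-db"])
    print(broker.open_session("alice", "alice-personal-pw", "payroll-db",
                              lambda system, secret: None))
    print(broker.audit)
```

The session ID in each audit record is the key a session recorder would use to tie recorded activity back to a named person rather than to the shared account.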

Essential Capabilities for Data Security

There are a few capabilities that are essential to taking a closer look at your data. The first is automated discovery and classification of sensitive data. Frequently, sensitive data occurs in more systems than you would think; for example, one client IBM worked with thought it had sensitive data in 20 systems, but that number actually ended up being 200 systems. Automated discovery and classification is important because if you don’t know where your sensitive data is, you can’t possibly protect it.

The second essential capability is real-time data activity monitoring combined with entitlement reporting. By leveraging these capabilities, you can see who is accessing sensitive data. When paired with automated analytics and machine learning, real-time data activity monitoring can help you establish a baseline of normal user behavior and then spot unusual behavior or access patterns.

Finally, the third essential capability is to take immediate action to safeguard sensitive data to prevent loss. A solution that allows you to preset security policies can take action for you if unusual behavior does occur. It can block access, alert the security team or quarantine suspicious users until investigation can be completed.
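The second and third capabilities, baselining normal access and acting on deviations through a preset policy, can be illustrated with a small added example (not from the original article or any vendor product). The users, object names, thresholds and policy rules are constructed assumptions; a real deployment would use far richer features than these three.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data; object names and users are hypothetical.
SENSITIVE = {"hr.salaries", "crm.cards"}  # assumed output of discovery/classification
HISTORY = [  # (user, db_object, rows_returned, hour_of_day)
    ("dba_amy", "hr.salaries", 40, 10), ("dba_amy", "hr.salaries", 55, 11),
    ("dba_amy", "crm.cards", 30, 14),
    ("dev_raj", "app.logs", 200, 9), ("dev_raj", "app.logs", 180, 15),
]

def build_baseline(history):
    """Summarise each user's normal objects, result sizes and working hours."""
    per_user = defaultdict(lambda: {"objects": set(), "rows": [], "hours": set()})
    for user, obj, rows, hour in history:
        b = per_user[user]
        b["objects"].add(obj)
        b["rows"].append(rows)
        b["hours"].add(hour)
    return dict(per_user)

def findings(event, baseline, z_limit=3.0):
    """Return the ways one access event deviates from the user's baseline."""
    user, obj, rows, hour = event
    b = baseline.get(user)
    if b is None:
        return ["no_baseline"]
    out = []
    if obj in SENSITIVE and obj not in b["objects"]:
        out.append("new_sensitive_object")
    # Floor sigma at 1 row so a perfectly flat history does not flag tiny changes.
    if rows > mean(b["rows"]) + z_limit * max(pstdev(b["rows"]), 1.0):
        out.append("volume_spike")
    if hour not in b["hours"]:
        out.append("unusual_hour")
    return out

def decide(event, baseline):
    """Preset policy: map deviations to allow / alert / block / quarantine."""
    f = findings(event, baseline)
    sensitive = event[1] in SENSITIVE
    if "no_baseline" in f:
        return ("block" if sensitive else "alert"), f
    if sensitive and "volume_spike" in f and len(f) >= 2:
        return "quarantine", f
    if "new_sensitive_object" in f:
        return "block", f
    return ("alert" if f else "allow"), f
```

Calling `decide(event, build_baseline(HISTORY))` returns the action together with the findings that triggered it, so the security team sees why a user was blocked or quarantined.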

For the greatest protection against insider threats, you should rely on an integrated security landscape where your privileged identity management solution and your data security solution work with the broader security environment for the greatest degree of intelligence and protection.
