With the explosive growth of the Internet of Things (IoT), big data, cloud computing, and mobility, much attention is given to protecting information assets from outside attacks—ransomware, spear phishing, hacktivism, Advanced Persistent Threats (APTs), distributed denial-of-service (DDoS) attacks, and more.
Yet, recent statistics point to a different threat.
Insider Incidents Remain a Key Threat to Data Breaches
In their 2016 State of Data Security and Privacy Report, Forrester identified the top three causes of information breaches across firms in North America and Europe in 2015. These include:
- an internal incident within their organization (39 percent)
- an external attack by insiders targeting their organization (27 percent)
- an external attack targeting a business partner/third-party supplier (22 percent)
Meanwhile, human error within the organization was the leading cause of data breaches in healthcare for the past year.
To combat this threat, companies can't just focus on external attacks. In this article, we'll take a closer look at the potential risks from the inside and how to guard against them.
Insider Abuse and Human Error in Data Breach: What's the Difference?
As its name implies, human error in data breaches typically crops up from an innocent mistake or accident. Insider abuse, on the other hand, is the deliberate abuse of the organization's systems by an authorized user.
According to Verizon's 2016 Data Breach report, data breaches from the inside—whether it's an innocent mistake or an intentional act—take the longest to discover.
Data breaches caused by human error often stem from the following scenarios:
- Weak passwords
- Falling for phishing scams while at work (clicking on unsafe attachments, visiting suspicious websites, etc.)
- Sending sensitive info to the wrong recipients
- Use of a personal smartphone or laptop on the organization's network
- Accidentally publishing private information to the Internet
- Improper disposal of documents
- Failure to use encryption
- System misconfiguration
- Leaving computers unlocked
- Poor patch management
Insider abuse can take the following forms:
- Unapproved hardware/software
- Remote access to sensitive data
- Data leakage through USB devices
- Unauthorized deletion of data
- Hijacking or abuse of admin accounts
- Unauthorized application usage
- Unauthorized access to shared folders
In Verizon's data breach report, the top motives for insider attacks last year were financial gain, espionage, recreation (just for fun), and activism/ideology.
What You Can Do to Guard Against Human Error and Insider Abuse
Fortunately, you can implement the following straightforward tactics to reduce insider abuse threats and human error in your small business or across your entire enterprise.
- Start by setting strong password requirements.
- Assess your existing system configurations and perform firewall audits. During these audits, look for security loopholes and set up access controls.
- Set up a network analyzer or content-based filtering to monitor data that's shuffling back and forth on your network. Take note that this may not work for encrypted data.
- Secure internal wireless networks through proper encryption and authentication.
- Monitor employees who are about to leave the organization and potentially take data with them. Implement a strict employee exit strategy.
- Audit activities of employees who have access to sensitive data. Also, be careful about providing access privileges.
- Identify portable devices and require registrations for BYODs (Bring Your Own Device).
- Set up a rigorous process on how to dispose of trash.
- Perform background checks and screenings of your employees. Evaluate contractors and third-party vendors.
- Set up financial assistance programs for employees to reduce the temptation of insider abuse for financial gain.
- Educate employees about security. Send regular emails on best practices to avoid data breaches and encourage employees to report suspicious activities.
- Establish checks and balances for access to confidential info.
- Install continuous file integrity monitoring (FIM) software to detect malicious or unusual insider activity.
Best-of-Class FIM for Insider Abuse Detection
When choosing an FIM tool to safeguard your network from insider abuse and human error, ensure that it performs better than the average FIM software out there. The key word here is average.
While most solutions can detect changes in your files and operating systems, the average FIM tool cannot detect administrative user actions. In short, opt for an FIM tool that detects changes to the FIM software itself and lets you prevent admin users from altering FIM features, since such alterations can be used to cover up insider abuse.
CimTrak is one of the few FIMs available today with an audit trail that cannot be altered by users. With real-time monitoring of admin and privileged user actions, insiders will not be able to hide malicious activities and internal threats are reduced significantly. Possible human errors are also tracked.
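The two properties discussed above, detecting changes to the monitor's own files and keeping an audit trail whose edits are detectable, can be illustrated with a hash-chained log. This is an added example, not code from the article and not CimTrak's or any product's implementation; the paths, user names and function names are hypothetical, and it assumes the latest head hash is stored somewhere the monitored administrators cannot write.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed starting value of the hash chain

def link(prev: str, record: dict) -> str:
    """Hash of one entry: covers the previous entry's hash and this record."""
    return hashlib.sha256((prev + json.dumps(record, sort_keys=True)).encode()).hexdigest()

def diff_baseline(baseline: dict, current: dict) -> list:
    """Compare path -> digest maps and return change events, sorted by path."""
    events = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old != new:
            kind = "added" if old is None else "removed" if new is None else "modified"
            events.append({"path": path, "change": kind})
    return events

def append_event(log: list, user: str, event: dict) -> str:
    """Append an entry and return the new head hash (to be stored off-host)."""
    record = {"user": user, **event}
    log.append({"record": record, "hash": link(log[-1]["hash"] if log else GENESIS, record)})
    return log[-1]["hash"]

def verify_log(log: list, trusted_head: str):
    """Return (True, None) if intact, else (False, first bad index or 'head')."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["hash"] != link(prev, entry["record"]):
            return False, i
        prev = entry["hash"]
    return (True, None) if prev == trusted_head else (False, "head")

# Constructed sample data; paths and user names are hypothetical.
BASELINE = {"/etc/passwd": hashlib.sha256(b"root:x:0:0").hexdigest(),
            "/opt/fim/policy.conf": hashlib.sha256(b"watch=/etc,/opt/fim").hexdigest()}
CURRENT = {**BASELINE, "/opt/fim/policy.conf": hashlib.sha256(b"watch=/etc").hexdigest()}

def demo():
    log = []
    head = append_event(log, "svc-backup", {"path": "/srv/q3.xlsx", "change": "modified"})
    for event in diff_baseline(BASELINE, CURRENT):  # change to the monitor's own policy
        head = append_event(log, "admin01", event)
    results = [verify_log(log, head)]     # untouched log verifies
    log[1]["record"]["user"] = "unknown"  # entry rewritten after the fact
    results.append(verify_log(log, head))
    del log[1]                            # entry removed instead
    return results + [verify_log(log, head)]
```

An entry edited in place fails at its own index, while a deleted entry or a fully recomputed chain fails against the stored head, which is why the head must live outside the administrators' reach.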
To start protecting your assets from insider threats and human errors, get your free demo of CimTrak today.
August 30, 2016