How to defend cloud environments against insider threats
FYI, this story is more than a year old
Article by Bitglass Australia's David Shephard.
Let’s discuss the main types of insider threats facing businesses today and explain how to mitigate their risks through various technologies.
According to a study by Crowd Research Partners, more than 90% of organisations feel vulnerable to insider attacks. This should come as no surprise.
Cloud adoption and bring your own device (BYOD) policies have greatly improved businesses’ agility, but also made sensitive business data far more readily accessible, presenting a significant IT security challenge.
This is demonstrated clearly in widely publicised incidents involving BUPA and the CIA.
Of those questioned by Crowd Research Partners, 53% confirmed that they had experienced an insider attack in the past twelve months; additionally, 27%said that insider attacks have become more commonplace. Both statistics reflect the growing threat that insiders pose to data security.
Unfortunately, in cloud-based IT environments, organisations often struggle to detect anomalous or careless employee behaviours. As such, many must revise their approaches to data protection. However, before deploying a new security solution, it is important to understand four of the most common insider threats faced by businesses today.
1. The rogue employee
Often described as malicious insiders, rogue employees are individuals who set out to steal company data, either from a desire for vengeance, profit or even a competitor’s benefit. A high profile example is the 2015 case of a Mercedes engineer who stole highly sensitive data in order to give it to his new employer, Ferrari.
Unfortunately, insiders with malicious intent have an upper hand when it comes to data theft – they have legitimate credentials that will bypass the majority of their organisations’ security features. If such an individual holds a senior or administrative role, she or he may have unfettered access to an organisation’s most sensitive data
2. The third-party employee
Third parties are frequently overlooked when organisations are planning their security strategies. These insiders often act as fully integrated members of an organisation, even when working from distant locations. Some may also have in-depth familiarity with internal processes and controls, making them just as knowledgeable about security procedures as an internal employee.
3. The hacked account
Compromised credentials are a significant danger for the enterprise. With user names and passwords in hand, outside parties can enter corporate networks through legitimate means and evade security systems.
An example can be found with the global accountancy firm Deloitte. Recently, hackers compromised the organisation’s global email server using a stolen admin account, granting them unfettered access throughout the entire system for months before their activities were discovered.
As this example shows, breaches involving credential compromise can take a great deal of time to identify and remediate. From an IT perspective, it can appear as though account hijackers are simply regular users going about their normal job duties, making it difficult to detect credential compromise.
4. The careless worker
While disgruntled workers clearly pose a serious threat to organisational security, a less obvious threat rests with happy, but careless employees.
These individuals may compromise security inadvertently by using unsecured public Wi-Fi, losing organisational credentials, clicking on suspicious email links, sharing sensitive information with unauthorised parties, or being followed into the office through an access-controlled door. Each of these mishaps offers criminals an opportunity to breach the enterprise.
The unpredictable nature of insider threats means that a proactive, multi-faceted solution is the best form of defence. Below are four different approaches to security which, when combined, create robust protections around cloud-based environments.
Automation: Reactive tools that rely upon humans to manually analyse threats are incapable of protecting data in the high-speed era of the cloud. As such, automated security solutions are vital for businesses today.
Such tools employ machine learning so that they can identify malicious or suspicious behaviours as they take place. For example, when a user suddenly downloads an unusually large amount of data or accesses sensitive information outside of normal working hours. These tools use an analytical, real-time approach in order to uncover threatening behaviour and take corrective actions as needed.
Identity and access management (IAM): To defend against insider threats, it is imperative that organisations verify users’ identities and grant data access to appropriate parties only. Relying on basic passwords is no longer an adequate strategy for protecting corporate information. Instead, companies need to leverage multi-factor authentication (MFA) and require a second form of verification – like an SMS token sent via email or text message.
Other helpful capabilities include contextual access control, which governs data access by factors like job function and geographic location, as well as session management, which automatically logs inactive users out of corporate applications in order to prevent account hijacking.
Data loss prevention (DLP): Cloud DLP is a dynamic tool that enables employees to work securely wherever they want and whenever they want, from the devices of their choosing. A typical cloud DLP offering should include watermarking (tracking), file encryption, redaction and other features that help ensure that sensitive data never reaches the wrong hands.
Training: While technology can be a powerful way to improve data security, another effective tool is far simpler. Regular employee training s can raise awareness of security best practices and help keep data protection top of mind for workers. By consistently discussing the importance of security and the consequences of failing to uphold security protocols, the threats of data theft and data leakage can be minimised.
The growing adoption of cloud has greatly improved the agility of many modern businesses. However, it has also given rise to new security concerns – like the insider threats detailed above. Fortunately, by understanding modern threats and deploying appropriate security solutions, many of these risks can be mitigated and even eliminated. In this way, organisations around the world can confidently step into future and secure their use of the cloud.