Story image

Inside-out security strategy vital, says expert

08 Mar 2016

Inside threats can often blindside a business, as most organisations focus on external security threats, according to Ixia.

The company says it is imperative businesses tailor their security policies, internal awareness regimes and security tools to ensure they are protected from the inside out, as well as the outside in.

“Information is becoming a popular commodity for criminals around the globe, so companies have to do what they can to make sure that information stays safe,” explains Stephen Urquhart, general manager ANZ, Ixia.

“At the same time, our increasingly connected world is opening up new ways for information to be lost, inadvertently shared, stolen, or appropriated by unauthorised agents,” he says.

“Companies need to protect this information from the inside.”

Urquhart says there are three key components to designing an inside out security strategy to keep data safe within an organization.

Policy

Urquhart says organisations should build security architecture with multiple layers to protect the areas of the organisation where most of the internal information assets reside.

“It is best if data is encrypted and companies should also implement a tiered permissions identification system,” he explains.

“At the same time, businesses should implement an overall corporate security policy that all levels of management support.

“This helps to make sure everyone is on the same page with practical security measures, such as using stronger passwords and changing them regularly,” says Urquhart.

Awareness

Companies should train employees to recognise cyber criminals’ tactics and understand how to avoid being tricked, Urquhart explains.

“Additionally, given that most ‘inside out’ data breaches are accidents, businesses need to teach employees how to manage sensitive information, stay up-to-date on threat intelligence reports, and be aware of the latest cyber-criminal exploits,” he says.

Tools

According to Urquhart, companies should implement a selection of tools that monitor streaming applications on the network to identify unusual behaviour or unknown network applications effectively,” he says.

“This can help prevent exploits from being discovered after it is too late to mitigate them.

“Additionally, businesses should use testing solutions to make sure all programs are running as expected prior to deployment,” Urquhart explains.

“This can ensure that data is kept where it is meant be kept, making it easier to protect.”

Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.