
Why businesses need a strategy to combat the enemy within – Ping Identity

18 Sep 2019

Article by Ping Identity APAC chief technology officer Mark Perry

Worried about the prospect of your organisation falling victim to a hacking attack or data breach?

A seemingly continuous stream of attacks on local organisations has put Australian enterprises of all stripes on high alert – and with good reason.

Not only is the threat of cyber-compromise or attack real and rising, the cost of responding to and recovering from an incident has never been higher.

Along with the bills for remediation, repair and legal advice, it includes the loss of productivity if operations are knocked out of action, as well as the dent to reputation that can result from negative publicity.

A publicly-listed property valuation firm in Australia experienced two significant data breaches earlier this year, resulting in the loss of major customers, the departure of a CEO and a bill of at least $7 million.

But while strengthening your organisation’s external defences with the latest tools and technologies makes sound sense, it’s only half a battle plan.

Insider attacks, by individuals who have at some point been granted access to systems and data, can be as much of a risk as attacks from outside an organisation – and sometimes harder to detect.

Research suggests they account for more than a third of attacks, and current and former employees, business partners and contractors all represent potential vulnerabilities.

The issue is exacerbated by the fact that digital transformation has opened many organisations up in unprecedented ways.

Sensitive information that was once kept under lock and key in the corporate data centre is now accessed and exploited across the enterprise, by companies keen to gain a competitive advantage.

Given this, developing a program to mitigate insider threats is an imperative for organisations across Australia and New Zealand.

So, what steps are needed to put one in place?

Create a key stakeholder group

While cybersecurity has traditionally been the remit of the ICT department, mitigating insider threats isn’t a job for a single person or business unit.

The most successful insider threat programs are multi-disciplinary efforts which pull together teams comprising security and risk specialists, human resources professionals and legal experts.

Together, they can provide all the pieces of the puzzle.

Security professionals are au fait with the organisation’s sensitive data, know where it’s stored and are familiar with the myriad ways insiders can abuse their privileges.

HR departments are responsible for the human element: ensuring employees are clear about their responsibilities and managing the disciplinary process, should a violation be detected.

Legal departments have a less hands-on role to play but their input is vital in determining the thresholds for malicious intent and the consequences of actions.

Modelling the dangers

Mitigating insider threats begins with identifying those threats that are of greatest concern.

The size and nature of your enterprise will determine what these are likely to be.

For some businesses, it may be the theft of sales data while for others, it could be the loss of intellectual property.

Ranking the risks you face, in terms of seriousness and likelihood, allows you to develop commensurate prevention and response plans.

Developing a critical watch list

Once key threats have been documented, it makes sense to develop a ‘watchlist’ of the teams and departments that have the most opportunity to misuse data and compromise critical systems.

For example, sales, finance and executive leadership teams typically have access to customer lists, financial performance data and intellectual property.

Meanwhile, IT professionals have the opportunity to pull off the ultimate insider heist, given their intimate knowledge of security processes and procedures.

Other potential bad actors include customer service agents, privileged third parties (including contractors and partner organisations) and software developers who have the opportunity to build vulnerabilities into new systems from the outset.

Develop technology-supported processes to reduce the risk

When it comes to cybersecurity, there are no infallible measures.

Hence, the focus should be on putting controls and processes in place to mitigate key risks. Ways to do so include:

  • filtering potential perpetrators by conducting pre-employment checks;
  • putting confidentiality and code of conduct agreements in place;
  • reiterating policies and practices in regular training sessions;
  • deploying technologies, such as multi-factor authentication, that can prevent, detect and mitigate insider threats quickly;
  • reviewing employees’ data usage patterns prior to their departure, whether voluntary or involuntary, to ensure valuable corporate data isn’t leaving the premises with them.

Time to act

In today’s digital business landscape, cybersecurity is too important to leave to chance.

For enterprises that value their data, reputations and financial viability, it is essential to put systems in place to identify and mitigate both inside and outside threats.
