sb-au logo
Story image

Why businesses need a strategy to combat the enemy within – Ping Identity

18 Sep 2019

Article by Ping Identity APAC chief technology officer Mark Perry

Worried about the prospect of your organisation falling victim to a hacking attack or data breach?

A seemingly continuous stream of attacks on local organisations has put Australian enterprises of all stripes on high alert – and with good reason.

Not only is the threat of cyber-compromise or attack real and rising, the cost of responding to and recovering from an incident has never been higher.

Along with the bills for remediation, repair and legal advice, it includes the loss of productivity if operations are knocked out of action, as well as the dent to reputation that can result from negative publicity.

A publicly-listed property valuation firm in Australia experienced two significant data breaches earlier this year, resulting in the loss of major customers, the departure of a CEO and a bill of at least $7 million.

But while strengthening your organisation’s external defences with the latest tools and technologies makes sound sense, it’s only half a battle plan.

Insider attacks, by individuals who have at some point been granted access to systems and data, can be as much of a risk as attacks from outside an organisation – and sometimes harder to detect.

Research suggests they account for more than a third of attacks, and current and former employees, business partners and contractors all represent potential vulnerabilities.

The issue is exacerbated by the fact that digital transformation has opened many organisations up in unprecedented ways.

Sensitive information that was once kept under lock and key in the corporate data centre is now accessed and exploited across the enterprise, by companies keen to gain a competitive advantage.

Given this, developing a program to mitigate insider threats is an imperative for organisations across Australia and New Zealand.

So, what steps are needed to put one in place?

Create a key stakeholder group

While cybersecurity has traditionally been the remit of the ICT department, mitigating insider threats isn’t a job for a single person or business unit.

The most successful insider threat programs are multi-disciplinary efforts which pull together teams comprising security and risk specialists, human resources professionals and legal experts.

Together, they can provide all the pieces of the puzzle.

Security professionals are au fait with the organisation’s sensitive data, know where it’s stored and are familiar with the myriad ways insiders can abuse their privileges.

HR departments are responsible for the human element: ensuring employees are clear about their responsibilities and managing the disciplinary process, should a violation be detected.

Legal departments have a less hands-on role to play but their input is vital in determining the thresholds for malicious intent and the consequences of actions.

Modelling the dangers

Mitigating insider threats begins with identifying those threats that are of greatest concern.

The size and nature of your enterprise will determine what these are likely to be.

For some businesses, it may be the theft of sales data while for others, it could be the loss of intellectual property.

Ranking the risks you face, in terms of seriousness and likelihood, allows you to develop commensurate prevention and response plans.

Developing a critical watch list

Once key threats have been documented, it makes sense to develop a ‘watchlist’ of teams and departments, which have the most opportunity to misuse data and compromise critical systems.

For example, sales, finance and executive leadership teams typically have access to customer lists, financial performance data and intellectual property.

Meanwhile, IT professionals have the opportunity to pull off the ultimate insider heist, given their intimate knowledge of security processes and procedures.

Other potential bad actors include customer service agents, privileged third parties— including contractors and partner organisations—and software developers who have the opportunity to build vulnerabilities into new systems from the outset.

Develop technology-supported processes to reduce the risk

When it comes to cybersecurity, there are no infallible measures.

Hence, the focus should be on putting controls and processes in place to mitigate key risks. Ways to do so include:

  • filtering potential perpetrators by conducting pre-employment checks;
  • putting confidentiality and code of conduct agreements in place;
  • reiterating policies and practices in regular training sessions;
  • deploying technologies that can prevent, detect and mitigate insider threats quickly, like multi-factor authentication;
  • reviewing employees’ data usage patterns prior to their departure, whether voluntary or involuntary, to ensure valuable corporate data isn’t leaving the premises with them.

Time to act

In today’s digital business landscape, cybersecurity is too important to leave to chance.

For enterprises that value their data, reputations and financial viability, it is essential to put systems in place to identify and mitigate both inside and outside threats.

Story image
Cybersecurity market continues meteoric ascent
With the increase in cyberattacks, organisations are continuing to spend more money on security. However, without a focused cybersecurity strategy, they often spend it in the wrong areas.More
Story image
Google Cloud observes spike in DDoS volumes in last two years
Google Cloud has seen an ‘exponential’ rise in distributed denial of service (DDoS) attacks over the past decade, but the biggest attacks have only occurred in the past couple of years.More
Story image
Backups as a last line of defence are under threat
Malware can incrementally overwrite and encrypt backups, rendering them inadequate as an insurance policy against ransomware.More
Story image
Gigamon and Zscaler release cloud-first network detection for fluid workforces
“Our customers have significantly accelerated their digital transformation journeys during the pandemic, and this integration will help them better respond to threats.”More
Story image
Insider threat report reveals deception in the workforce
Insider threats come from people inside an enterprise, whether they divulge proprietary information with nefarious intentions, or are just careless employees that unwittingly share sensitive data, writes Bitglass product marketing manager Juan Lugo.More
Story image
Video: 10 Minute IT Jams - SonicWall VP discusses the importance of endpoint security
In this video, Dmitriy discusses the exposure points and new risks that come as a result of widespread flexible working arrangements, how organisations should secure their massively distributed networks, and how SonicWall's Boundless Cybersecurity model can solve these issues.More