Management BYOD Infrastructure IoT Storage Security Privacy

Current Filter: Network>>>>>Feature>

PREVIOUS

Filtered Articles:3 of 220   Current Article ID:5496

NEXT



Secure on the inside

Editorial Type: Feature     Date: 05-2015    Views: 2166   







François Amigorena, CEO of IS Decisions, urges the deployment of an effective insider threat management programme and offers some advice on where to begin

We have come to know 2014 as the year of the breach, such was the unrelenting flow of stories about security breaches. It seemed that a week couldn’t pass without a story emerging of yet another organisation having leaked sensitive information.

Sony Entertainment, JP Morgan, eBay - big, recognisable organisations were falling foul of what were, to one degree or another, breaches with an internal source. The insider threat was rife.

That was 2014's legacy, but what will the legacy of 2015 be? Well, according to some research we have carried out at IS Decisions (User security 2015: the future of addressing insider threat) among IT professionals, this will be the year of addressing the insider threat. In the UK, 43 per cent of organisations already have an insider threat programme, but of those that don't, the majority (69 per cent) are planning to put one in place this year. So everything will turn out fine then…

However, with so many IT professionals implementing insider threat programmes and potentially in haste, we all need to stop for a moment and understand what a good insider threat programme actually looks like. How will we measure the effectiveness of these new measures, and how will we know if the new insider threat measures are good enough to prevent a breach?

There are many important factors to consider, but to start with, you might want to implement the following elements.

EMPLOYEE EXIT PROCESS
Only 24 per cent of IT professionals were planning to incorporate this into their programme. Some earlier research of ours, conducted among employees confirmed that over a third have accessed a former employer's data.

Ex-employees are more likely than others to have cause for malicious action while they have no good reason to access to your network. We saw in the case of the Sony Entertainment breach that overlooking this can be disastrous. A simple process can ensure that network access is revoked when a user's employment ceases, yet this doesn't seem commonplace.

NEVER TRUST, ALWAYS VERIFY
The zero-trust model promotes the action of never trusting, always verifying, before a user accesses the network. This harsh sounding approach does not need to negatively impact a user's ability to work, but if you are verifying their access at every point possible - when they log in, stepping away from their desk, changing workstation, using an alternative device - you significantly reduce the potential attack surface area.

POSITIVELY REINFORCE GOOD BEHAVIOUR
In addition to the zero-trust model being more secure, it has the additional positive benefit of reinforcing secure behaviour among employees. The majority of IT professionals are intending to incorporate training and education in their insider threat programmes, but the best kind of awareness building is on the job. Your users are much more likely to pay attention to something that is reinforced on a daily basis rather than a written policy, or a single training session.

REAL TIME ALERTS
User education works better in real time and so does user activity monitoring. There are two sides to understand; on the user side, if your organisation's employees get alerts when they undertake behaviour that could be deemed suspicious, that is exactly the kind of real time education that they will pay attention to. What's more, if users are actually accessing the network with malicious intent then an alert might just stop them.

On the administrator side, being able to monitor and track behaviour in real time is key to understanding how users behave on the network. Similarly, an alert to suspicious behaviour allows the administrator to take action which may potentially stop a breach.

Like this article? Click here to get the Newsletter and Magazine Free!

Email The Editor!         OR         Forward ArticleGo Top


PREVIOUS

                    


NEXT