According to the 2018 Cost of a Data Breach Study, conducted by the Ponemon Institute, the average global cost of a data breach rose from $3.62 to $3.86 million annually, an increase of 6.4%. Data breaches are unquestionably problematic for businesses across the globe, with new strains of malware and other methods of fraudulently harvesting valuable data evolving faster than security experts can keep up with. Companies often fail to monitor the actions of their employees and fail to enforce policies that determine how employees may use the Internet and which devices they may use to access sensitive data.
How Do Insider Threats Happen?
One could argue that most data breaches are, in some way or another, caused by employees, and the vague definition of what constitutes an “insider threat” is one of the reasons why the statistics vary so much. Statistics aside, there are a number of ways in which employees put valuable data at risk. For example, employees often use weak passwords, send sensitive data to the wrong recipients, share login credentials, and fall victim to phishing scams. And it’s not just regular employees who make mistakes. IT security staff members often fail to keep their systems patched and updated, implement the correct access controls, and properly configure the necessary security settings. Data breaches that occur as a result of employee error are typically the consequence of three main factors:
- Unauthorized use of applications: Employees have been known to violate company policies by using their own personal email accounts in the workplace, accessing online banking, making payments online for goods and services, and using unauthorized instant messaging applications.
- Misuse of company devices: While some employees violate security policies to enable them to get their work done, other employees do it for less valid reasons. For example, some employees have been known to override the security settings on their company-issued device to download music, pay bills, browse social media sites and even access gambling websites. Additionally, some have been known to share work devices that contain sensitive data with people outside of the company, or to connect their device to a public Wi-Fi hotspot, potentially enabling an attacker to steal credentials and reach the data the device has access to.
- Unauthorized access to sensitive data: Employees are often granted access to parts of the network that are not necessary for them to carry out their duties. This inevitably introduces security risk. Should an employee’s account become compromised, for whatever reason, the attacker can do far more damage if that account’s privileges have not been properly restricted.
How to Combat Data Breaches from Insider Threats
In order to mitigate unauthorized activity on your network, establishing a set of security policies and educating employees about those policies should be the first area to focus on. However, enforcing those policies will require the right tools, as you will need to be able to quickly identify any suspicious activity that takes place.
Data discovery and classification tools will help to locate and classify your sensitive data, which will make it easier to assign the correct access controls. Data Loss Prevention (DLP) tools can be used to prevent unencrypted sensitive data from leaving the network, and Data-Centric Audit & Protection (DCAP) solutions should be implemented in order to monitor changes to account privileges as well as to your sensitive files, folders, email accounts, and so on.
Some DCAP solutions have data discovery and classification built in, and also provide features for detecting events that match a predefined threshold condition. Such events may include multiple failed login attempts, or multiple files being encrypted or modified within a specified period of time. It is even possible to set up an automated response to such conditions, such as disabling a user account, changing security settings, or even shutting down the server.
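The threshold-condition detection described above, written out as an added example (not code from the original post or from any DCAP product): a sliding time window per user and event type fires an alert once the configured count is reached, and each alert is mapped to a simulated automated response. The audit events, the threshold values and the action names are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit events (not real data): (timestamp, user, event_type, object).
SAMPLE_EVENTS = [
    ("2024-01-15T09:00:01", "alice", "logon_failed", "WKS-01"),
    ("2024-01-15T09:00:05", "alice", "logon_failed", "WKS-01"),
    ("2024-01-15T09:00:09", "alice", "logon_failed", "WKS-01"),
    ("2024-01-15T09:00:12", "alice", "logon_failed", "WKS-01"),
    ("2024-01-15T09:00:15", "alice", "logon_failed", "WKS-01"),
    ("2024-01-15T09:03:00", "bob", "logon_failed", "WKS-02"),    # two failures
    ("2024-01-15T09:20:00", "bob", "logon_failed", "WKS-02"),    # 17 minutes apart: benign
    ("2024-01-15T09:30:00", "dave", "logon_success", "WKS-03"),  # no rule for this type: ignored
]
# 25 file modifications by one user inside 25 seconds (a ransomware-like burst).
SAMPLE_EVENTS += [
    (f"2024-01-15T10:00:{i:02d}", "carol", "file_modified", f"finance/report_{i}.xlsx")
    for i in range(25)
]

# Threshold conditions (assumed values): event_type -> (minimum count, time window).
THRESHOLDS = {
    "logon_failed": (5, timedelta(minutes=2)),
    "file_modified": (20, timedelta(seconds=30)),
}

def detect_bursts(events, thresholds):
    """Return one alert per (user, event_type) each time `count` events fall
    within `window`; the window is cleared after an alert fires."""
    windows = defaultdict(deque)
    alerts = []
    for ts, user, etype, _obj in sorted(events):
        if etype not in thresholds:
            continue
        count, window = thresholds[etype]
        now = datetime.fromisoformat(ts)
        q = windows[(user, etype)]
        q.append(now)
        while now - q[0] > window:      # drop events that have aged out of the window
            q.popleft()
        if len(q) >= count:
            alerts.append({"user": user, "event": etype, "count": len(q), "at": ts})
            q.clear()
    return alerts

def respond(alert):
    """Map an alert to an automated response (simulated: returns the action name)."""
    actions = {"logon_failed": "disable_account", "file_modified": "suspend_session"}
    return actions.get(alert["event"], "notify_only")
```

Running `detect_bursts(SAMPLE_EVENTS, THRESHOLDS)` yields two alerts: alice's five failed logons within 14 seconds and carol's twentieth file modification; bob's two widely spaced failures stay below the threshold.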
For a closer look at a DCAP solution designed specifically to detect and prevent data breaches, check out LepideAuditor.