July and August carried on the trend in 2016 of an increased amount of awareness and attention being placed on IT security threats – both from the inside and outside. It has emerged that external security breaches affected high profile organisations such as Amazon, HSBC and the UK railway network. But as the focus on defending against external breaches increases, can the same be said of internal threats? Here’s a look at some of the internal issues we saw over the last couple of months:
Organisations still don’t have the ability to defend against insider threats
Many organisations spend millions of dollars defending against external hacks but leave themselves exposed to internal leaks. This is the equivalent of locking all the doors but leaving the windows open. A survey of IT professionals carried out in July by SpiceWorks discovered that only 29% of organisations had an IT security expert on board despite 73% claiming cyber-security as a top priority.
How can organisations expect to protect themselves against security breaches without adequate technological knowledge? As 43% of security breaches occur through insider attacks or insider misuse, it is more important than ever before to have a pro-active and continuous means of auditing and monitoring critical IT systems. This will help in establishing a least privilege policy and securing user accounts from misuse. To do this requires time and technical expertise – which many IT teams simply do not have.
Fortunately, many automated solutions exist on the market today to provide organisations with continuous, in-depth auditing and monitoring of their critical IT systems. They are competitively priced and help to mitigate the risks of insider abuse/misuse – which should help give peace of mind to those organisations lacking the resources to carry out audits manually.
Sage suffers insider breach
Sage is the world’s third-largest supplier of enterprise resource planning software and the largest supplier to small businesses with over 6.1 million customers worldwide. In August, Sage suffered a data breach as a result of an authorised user having inappropriate levels of access to critical data. Although the repercussions of this breach have yet to be realised, the police are investigating the incident and the ICO has been informed.
This breach serves as a warning to organisations of all sizes that not having adequate means of monitoring user access rights and following a least privilege policy could lead to major security breaches. Sage is an organisation with over 13,000 employees to keep track of, which requires an immense amount of time and labour. However, any organisation – regardless of size, sector or budget – can improve the way in which the audit and monitor their privileged users by making use of specialised, automated solutions.
650,000 patient records exposed at health care provider, Bon Secours
Maryland-based health care provider, Bon Secours, were the victim of a massive data leak in August which led to personal information of over 650,000 patients (including names, insurance identification numbers, banking information, Social Security numbers and some clinical data) being exposed to the public.
The data was leaked after R-C Healthcare Management, a firm that helps hospitals with Medicaid reimbursements, adjusted network settings resulting in revealing personal information online for 4 days. This is a reminder that all organisations need to be seriously about who has the ability in their system to alter network settings. With sophisticated auditing and monitoring solutions in place, organisations can better detect unwanted changes in the IT systems and react faster in order to mitigate the damage.
Insider threats affecting the Police Force in the UK
A freedom of information request has revealed that the Police Force in North Yorkshire has ranked the highest in England in terms of the number of security breaches. By far the majority of these security breaches occur due to insider misuse or abuse.
Often it is the organisations that deal with the most sensitive data that are at risk of insider threats. With the case of the North Yorkshire Police numerous employees had inappropriate levels of access to sensitive data and this led to private arrest information being passed to people outside of the organisation.
In total close to 100 cases of insiders misusing sensitive information were uncovered in the freedom of information request. However, we fully believe that the problem goes much deeper than just this one example. It is a distinct possibility that the majority of organisations are experiencing this kind of security breach but either don’t have the equipment in place to detect it or simply bury their heads in the sand and refuse to admit they have a problem.
Spending on IT security will exceed $100 billion by 2020
Intel Security have confirmed the growing emphasis organisations are placing on IT security in a research project revealing that total global cyber-security spending will exceed $100 billion in the next 4 to 5 years.
This money is expected to go towards hiring skilled security experts in order to reduce the knowledge gap where cyber security is concerned. We at Lepide hope that the increased spending on IT security will allow IT teams to divert enough resources towards protecting the organisation against insider risks.
Nowadays, it is cost-effective to deploy a specialised solution designed to mitigate the risks of data leakage or insider abuse/misuse. However, many IT teams simply can’t justify the ROI to upper management as they cannot admit that they may have a problem in this area. It is our hope that this increased spending will allow organisations to protect themselves from the inside out, and not the other way around.
Important Group Policy Settings & Best Practices to Prevent Security Breaches
15 Most Common Cyber Attack Types and How to Prevent Them
Why Active Directory Account Getting Locked Out Frequently – Causes
