These days enterprises are dealing with vast amounts of unstructured data – a problem that is compounded by the increasing number of ways to share this data. Despite this, both employers and employees are still failing to either understand or care about their responsibilities when it comes to data protection.
According to research carried out by Opinion Matters – an independent research organization, 60% of IT leaders believe that “employee carelessness through rushing and making mistakes” was the number one cause of insider threats, while 44% believe the cause to be down to “a general lack of awareness”. In third place, “a lack of training on the company’s security tools” was said to be the main cause of insider breaches, according to 36% of respondents.
These results highlight the disconnect between IT managers and regular employees. And while IT managers may be critical of their staff for inappropriately sharing sensitive data, they are failing to deliver the resources necessary to rectify the situation. Of the employees who admitted to sharing data insecurely, most claimed that they were either under too much pressure from work, or that they were not given the tools and training necessary to share it safely.
Naturally, educating employees about security best practices is the best place to start. However, given that employees are already under a lot of pressure, and taking into account that there is a shortage of cyber-security professionals, IT managers will need to look towards security automation to address these problems.
As per the report, sending data to the wrong person, and getting caught out by phishing emails, were among the most common mistakes that employees were making. However, poor password handling, neglecting updates, and intentionally disabling security features are among the other forms of malpractice that employees engage in. As such, when it comes to automation, a layered approach is required. Naturally, anti-virus tools and firewalls are a good place to start. However, these tools are largely ineffective when it comes to poor password hygiene or inappropriately sharing sensitive data.
Likewise, most sophisticated strains of ransomware are able to evade most firewalls and anti-virus solutions. As such, businesses will need to look into more advanced solutions which are able to analyze data sharing patterns and trigger alerts when data is sent to the wrong recipient, or when an email address is mistyped. Solutions which can encrypt email communications and authenticate the sender’s identity will also help to minimize the chance of data being sent to the wrong recipient.
It is also very important to ensure that employees only have access to the data need to do their job. In this case you will need data security platform that can monitor user behavior and provide real-time alerts when an employee tries to access resources they are not authorized to access. They can also automate the discovery and classification of sensitive data, which makes it easier to assign access privileges correctly.
Another valuable feature that Data Security Platforms provide is threshold alerting, which allows us to detect, alert and respond to events that match a pre-defined threshold condition. Such events might include multiple failed login attempts, or when multiple files have been encrypted within a given timeframe. There are far too many solutions available to cover in this article, however, preventing insider threats is all about visibility. If we don’t know exactly who is accessing what data, and when, the chances of data breach will be significantly higher.
If you don’t already have an automated cybersecurity solution, such as LepideAuditor, implemented in your environment, you could be at risk of insider threats. For more information about LepideAuditor, schedule a demo with one of our engineers today.