Why Education Institutions Need to Pay Attention to Insider Threats

Philip Robinson by   08.08.2018   Data Security

Insider threats are by no means limited to the education industry, but organizations within this sector seem to have a particularly tough time dealing with them. This could be down to a number of factors. Educational institutions have large numbers of employees that have access to the sensitive information of both other employees and students. Research also suggests that privileged users in educational institutions are less informed of modern cyber-security threats and more likely to indivertibly share sensitive information outside the organization – thus creating an insider threat.

So, with that being said, let’s take a look at some of the key issues the education industry faces with regards to insider threats and what they can do to address them.

Are Insiders the Most Dangerous Threat?

In one word, yes. Just because TV shows like Mr Robot and movies like Blackhat glamorize the world of external hackers, doesn’t mean they should be your main priority in terms of security. After all, a hacker has to break through numerous boundaries to get their hands on sensitive data. Your employees, however, already have access.

Those employees that you trust with privileged access pose the biggest threat, either through accidental or malicious misuse of those privileges. Statistics tell us that external threats are the cause of a larger number of data breaches in educational institutions. However, our research tells us that insider threats are actually more damaging, as they can go unnoticed for far longer. Incidentally, many external attacks require insiders to take some form of action, such as click on a malicious link in a phishing email.

So, the key takeaway from this is that you need to keep an eye on what your users are doing.

Visibility May Be the Key to Defending Against Insider Threats

As with other industries that deal with vast amounts of sensitive data, the main thing that educational industries struggle with is the lack of visibility surrounding the changes that are taking place surrounding that data.

All organizations in this industry need to put more emphasis on making data the centre of their security plan. If you don’t know who has access to your critical data and what changes are being made to it, then how do you expect to be able to identify a potential insider threat or a data breach in action.

The problems arise mainly due to the fact that the native controls for auditing changes to data are crude, noisy and time consuming, whether that data is stored on-premise or in the cloud. Having to rely on Event Viewer, for example, to investigate data breach incidents is like looking for a needle in a haystack (a tired metaphor but a relevant one).

How Your Insiders Can Help You Prevent Insider Threats

Seeing as a large number of data breaches occur to the negligence of insiders, it stands to reason that the problem can be addressed by using your insiders. Train up your staff to be able to spot phishing attacks and teach them the value of critical data and the responsibility they have to secure it. It sounds like a cliché, especially when addressing the educational institution, but education really is a great way to defend against insider threats.

Unfortunately, operating on a policy of trust simply isn’t going to be enough. Visibility truly is the key, and there is a way to get this without paying through the nose.

Increased Visibility Over User Behaviour – LepideAuditor

Many third-party solutions are going to charge you over the odds for the ability to track and monitor on user behaviour – but not Lepide. LepideAuditor is a simple, powerful and cost-effective solution that allows you to track user behaviour, meet compliance demands and improve your data access governance. It helps you address insider threats by giving you key audit information about what modifications your users are making to your most sensitive data. It then delivers this information to you in easy-to-read, actionable reports at scheduled intervals, or in real time. If you want to see how LepideAuditor can help you address insider threats, click here for more.

Do you like this blog post?