How DCAP Solutions Protect Your Company from Insider Threats

Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s.

Philip Robinson
| Read Time 4 min read| Updated On - June 22, 2020

Last Updated on June 22, 2020 by Satyendra

An increasing number of organisations are shifting their focus towards insider threat protection, which is hardly surprising given that the Ponemon Institute reported 3,269 insider incidents in the past year. According to a recent study by Kaspersky Lab, 52% of businesses admit that their own employees present the greatest risk to the integrity of their IT security posture. A data breach caused by a malicious insider can happen to anyone – regardless of how big their budget is.

For example, earlier this year, Elon Musk sent an email to all employees announcing that an employee was “making direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties”.

While some progress has been made in the field of insider threat protection, it has been slow to say the least. A large percentage of organisations are still underestimating the damage that can be caused by single member of staff – whether former or current, malicious or negligent. The motives behind malicious insider attacks range from employees who are feeling frustrated, ostracised, neglected or unfairly treated – to those seeking financial gain through selling employee/customer data, intellectual property, or any other sensitive business information.

Of course, not all insider threats are malicious. Some are caused by a lack of technical knowledge, a failure to adhere to company policies in an attempt to cut corners, accessing sensitive data on an unsecure public Wi-Fi network, or misplacing a device that either stores or has access to sensitive company data. The question remains, how can DCAP (Data-Centric Audit & Protection) solutions help to identify and mitigate the very real threat from within?

Discovery and Classification of Sensitive Data

Most sophisticated DCAP solutions provide automated tools to help you discover and classify your sensitive data. Such tools will not only make it easier to locate your sensitive data, but also setup the necessary access controls to protect it. Recent research we undertook at GITEX in Dubai suggested that over 70% of enterprise organizations have more than 100,000 folders open to every employee. Obviously, having unrestricted access to such large amounts of data is a recipe for disaster.

Enforcing “Least Privilege” Access

Employees should only be granted access to the resources they need to be able to adequately perform their duties. Once access permissions have been setup and assigned, organisations will need to implement some sort of DCAP solution to detect unauthorised changes made to these permissions. Likewise, a DCAP solution can detect, alert, report and respond to any type of suspicious file/folder activity, including unauthorised access to privileged mailbox accounts.

Monitoring and Managing Inactive User Accounts

Inactive user accounts – also referred to as “ghost” accounts – present a major security risk for organisations when they are not managed in a systematic and timely manner. For example, should an employee leave an organisation on bad terms, and their account is still active, they may login to the network in an attempt to copy or delete sensitive data. Most sophisticated DCAP solutions can automate the process of managing inactive user accounts.

Monitoring Suspicious Out-Of-Hours Activity

Should you find an employee logging onto your network during times that do not correlate with their typical usage pattern, this may indicate that something suspicious is taking place. A DCAP solution can be setup to monitor typical usage patterns, and fire an alert should this pattern change, for whatever reason.

Preventing the Spread of Ransomware

When a company falls victim to a ransomware attack, it is typically the result of a careless employee who either downloaded an email attachment, or clicked on a link to a malicious website, which in turn lead to the execution of the ransomware application. While DCAP solutions are unable to prevent them from doing this, they do provide a feature known as “threshold alerting”, which can help prevent the attack from spreading.

At the end of the day, if you don’t know what data you have, where it resides, who has access to it, and how it is being accessed, the chances of keeping your sensitive data out of the wrong hands, is pretty much zero.

Philip Robinson
Philip Robinson

Phil joined Lepide in 2016 after spending most of his career in B2B marketing roles for global organizations. Over the years, Phil has strived to create a brand that is consistent, fun and in keeping with what it’s like to do business with Lepide. Phil leads a large team of marketing professionals that share a common goal; to make Lepide a dominant force in the industry.

Get Your Free Copy of the Ultimate Guide to Active Directory Auditing
Related Articles
The Complete Guide to Effective Data Access Governance

This whitepaper provides a comprehensive guide to implementing effective data access governance.

Download Whitepaper
Data Access Governance Solution.

Better govern access to sensitive unstructured data, enforce zero-trust, and demonstrate compliance with the Lepide Data Security Platform.

Learn more
Solutions
Platform
Company
Microsoft partner gold application development DMCA.com Protection Status