News/Trends, Tech/Engineering

Too Close for Comfort: Insider Threats to Enterprise Data

Dave Packer

Given the barrage of external threats to enterprise data, it’s easy to blame faceless outsiders for every breach.  Beset by onslaughts from outside the palace walls, it’s no wonder the enterprise wants to pull up the drawbridge, fortify the garrison and stockpile provisions.  However, while outside actors are all too real, the biggest security threat to organizations comes from those nearest and dearest: their own employees.

Financial Toll Just the Beginning

Mobile and cloud technologies, with their unsecured devices and networks, have made it easier for insiders to wreak havoc.  And things are getting worse.  The U.S. Department of Homeland Security cites a 64 percent increase in security breaches from 2014 to 2015.

The fallout from breaches includes leaked intellectual property (IP), ransom money and industry-specific fines, lost productivity, and IT resources.  Accordingly, a 2015 study issued by the Ponemon Institute found that the average security breach costs a business $3.8 million.  However, as demonstrated by the Panama Papers and Edward Snowden, insiders can inflict a lot more than financial damage on an organization.     

Regular, Vanilla or Cinnamon Dolce?

Like a Starbucks latte, internal security threats come in different flavors.  First, there are employees who are devoid of sinister intent but lax about security.  Typical infractions include the business use of unsecured mobile devices or personal email accounts, or copying data onto cloud services such as Dropbox.  Employees have inadvertently shared sensitive data on social media as well.  Likewise, the 2016 Market Pulse Survey conducted by SailPoint found that over 65 percent of employee respondents admitted to using the same passwords across different applications.

The second kind of internal threat involves employees who are actively engaged in theft or malicious behavior.  This too is common.  The SailPoint survey found that one in five employees would sell passwords to an outsider, including competitors, and a whopping 44 percent of those would sell their passwords for less than $1,000.

Whether the issue is employee ignorance, disregard for security or outright criminal behavior, the outcome is largely the same – and it’s definitely not good.

The Gift that Keeps on Giving

In addition to current employees, former employees can spell bad news for corporate data.  In many companies, former employees can access data simply by using their old credentials.  When that happens, say goodbye to your IP along with the employee.

Managing Insider Threats

Given the security threats coming from all sides, what’s a beleaguered IT team to do?  Practices such two-step authentication and data encryption are fine but more can be done:

  •  Build a top-notch compliance program that automates security controls wherever possible, allows data access only as needed, and includes security protocols for employees leaving the company.
  •  Search data “silently” to sniff out security violations without impacting end users.  IT should have visibility into the use of sensitive data, including files deleted off endpoints or placed on shared drives.  System dashboards and reports can also help IT root out non-compliance.
  • Set custom alerts to notify IT if someone is moving files outside of enterprise systems or if newly-created passwords don’t meet complexity requirements.  Alerts can also tell IT when employees engage in suspicious downloading of documents.
  • Enable logging of database access to determine when, where and by whom particular pieces of information were retrieved.
  • Properly train employees about the importance of data security and specific practices they should adopt to ensure this.
  • Keep up with compliance issues involving Sarbanes–Oxley (SOX), HIPAA, IP or other key topics.  IT should also understand safe harbor and the capabilities of OneDrive.
  • Join forces with HR to coordinate employee training, help secure mobile devices, and investigate complaints.  IT and HR can also collaborate on updating systems access when employees change roles.

Of course, you’re pretty sure that Bob in the cubicle down the hall would never make off with your enterprise data.  But with IT smarts, sound data systems and clear security protocols, you can eliminate any lingering doubts and get on with bigger and better things.  

How Druva can lessen the worry

A security-minded IT leader knows that protecting sensitive corporate data is a big job, and gaining visibility over data stored on endpoints or in cloud apps is a growing challenge. According to IDC and Gartner, by 2020 over 50% of all enterprise data will be reside exclusively endpoints – making endpoint, cloud app-hosted and server data equally important to protect.

By applying Druva’s Proactive Compliance module to data on endpoints and cloud apps, InfoSec can gain immediate visibility into the type of data residing on these respective devices and cloud apps. We’ve seen how this proactive approach has helped our customers gain valuable business insights and avoid costly PHI and PII data breaches. We also believe that once you see Proactive Compliance in action, you will see how transformative it can be to your businesses.

To learn more about how to address the risks of dispersed data across your organization, visit our Proactive Compliance web page or download our latest report below.