By Dr. Guy Bunker @guybunker
There have been a number of interesting articles recently, all of which point to the insider threat, or 'The Enemy Within' as we call it. The results of our first survey came out 18+ months ago, and it has been regularly backed up with more recent research.
One recent report, published by the Center for Media, Data and Society (CMDS) indicated that only 41% of breach incidents come from external cyber-criminals. The rest come from inside. Most of those are due to mistakes rather than malicious behaviour, but the result is the same – critical information escapes outside the organization. When looking for security solutions these days you need to consider the inside as well as the perimeter of your organization as an attack vector. Furthermore, the solution needs to be useful every day in order to deal with the inadvertent problems as well as the less frequent malicious ones.
It’s tough not to notice the latest news stories on data breaches with Target, Home Depot and Japan Airlines being big ones in recent months. However, the recent AT&T breach was carried out by an insider. Insiders are really dangerous, as they know where all the critical information is, and in this case they accessed personal information from subscribers, including Social Security Numbers and driving license information. Needless to say, that particular individual is no longer employed by AT&T. However, the challenges remain – as cyber-criminals become increasingly creative in their approaches to stealing critical information, so too must the organizations and the individuals trying to protect it.
Unfortunately, there is no silver bullet when it comes to critical information protection. The best approach is having a defence-in-depth strategy, with multiple rings of security deployed. There is a lot of talk about companies like FireEye and their approach to malware detection and prevention – and it is good. BUT... it doesn’t help with the insider threat. Ultimately it all comes down to data, to the information that the criminals are after.
Putting in place a ring of steel around your critical information ensures that it is protected. Using Adaptive Redaction as a next generation DLP technology can ensure continuous collaboration, as the issues with traditional “stop-and-block” and false positives are removed by confiscating only the information that breaks policy – before sending on the rest of the message.
It is foolish to believe that the problem can be solved with just one approach, so deploy the ones which reduce the risk the most. Today, that means addressing the threats posed by insiders – the people who are supposed to be caring for your information.
It’s not like the insider threat is new. The Roman poet Juvenal wrote in his Satires in the late first century AD, ”Quis custodiet ipsos custodes?” A Latin phrase which literally translates as "Who will guard the guards themselves?" – a question as relevant today as ever it was.