Data Security Needs Have Changed
Solving the problems posed by insider threats requires a different information security approach from IT teams. While traditional information security focused predominantly on outside threats like hackers or unauthorized user access, that approach is no longer enough. Increasingly, information security threats come from another source – your trusted users or ‘insider threats’. Re-purposing tools created to detect threats from outside is not sufficient to provide the level of proactive data security required to battle the types of threats that come from the inside.
What do we mean when we say insider threats? Is it employees with bad intent? Third parties who have privileged access to your networks and data? It’s a combination of all these ‘trusted users’ with credentialed, legitimate access to your data and systems.
Malicious insiders are users who are looking to benefit from the theft of company information they have access to and use it for personal gain. Negligent insiders are the users who inadvertently put your data, IP, and the entire enterprise at risk. Think about all those ‘Oops moments’ when you accidentally share the wrong attachment with someone in a chat or send a sensitive email to the wrong recipient(s). A recent survey found that 31% of respondents admitted to causing a breach by sending information to the wrong person; 45% said they had received an Outlook recall message or an email asking them to disregard an email sent in error over the last year. It’s all of these scenarios, malicious and negligent, that make up insider threats.
Collaboration tools and work from home are fueling insider threats as a by-product of the productivity they are meant to facilitate, leaving a company’s data more exposed than ever to the potential dangers posed by otherwise trusted insiders.
Be Proactive, Not Reactive in Protecting Your Data
Most companies address data security by restricting access and locking data in secure containers or folders in their content services and collaboration tools (SharePoint, OneDrive, Teams, Dropbox, Box, etc.), but they don’t control what legitimate users can do with the data, making it easy to accidentally share, misuse or steal sensitive information. Some also employ behavior analytics and threat hunting tools to identify suspicious activities, for example, an employee who accesses sensitive files in the middle of the night or starts downloading massive amounts of data. In the financial industry, auditors look at reports on who accessed sensitive financial information to catch any unauthorized or suspicious access.
There’s just one problem – at this point the damage is already done.
When it comes to insider data access, organizations are so accustomed to documenting or looking for access to sensitive information after the fact that they haven’t even considered that they should instead look to block unauthorized access and track access to prove to auditors the information has remained safe. It’s also much harder to determine after the fact whether an insider accessed information maliciously, accidentally or just as part of their job.
Behavior analysis, threat hunting, alerts and audit trails are all reactive security tools. They identify suspicious activity and access after the fact, then take action to remediate. A negligent user has already sent an email with sensitive customer information to an unauthorized third party, classifying it as a data breach. An audit trail reveals an administrator has repeatedly been accessing board documents they weren’t meant to see.
Yes, some of these tools can work in conjunction with others to turn off access automatically if the activity is flagged as suspicious, like someone downloading multiple files in the middle of the night. However – even if the problem is detected quickly – the malicious user has already accessed at least some of the information and perhaps copied it to a personal device or sold it for personal gain. Sure, you’re stopping additional data exfiltration, but what about the data that’s already been stolen? For negligent users, it’s almost impossible for these reactive tools to provide adequate protection, as unusual behavior patterns likely do not exist in those scenarios.
Why Proactive Data Security Matters
The real question is why we are using reactive security methods that were designed as a secondary line of defense to hunt down bad actors masquerading as trusted insiders, instead of tools designed to proactively prevent insiders from misusing or oversharing information.
In some cases, it’s a lack of awareness that effective tools exist that can proactively control insider access to sensitive information and stop unauthorized sharing. Other attempts to solve this problem, such as traditional DLP tools, have been ineffective, as they predominantly rely on classification of data to determine the protection. A downfall of these tools is that the classification can often be inaccurate, causing so many false positives that they become more of an IT problem than a solution. In other cases, companies just don’t realize that the tools they are relying on for data security aren’t effective when it comes to protecting against negligent and malicious insider threats.
Proactive data-centric security prevents someone from stealing, misusing or accidentally sharing data with an unauthorized party by securing the data itself: it uses attributes from both the data and the user’s context to determine how the data can be used or shared at that moment in time. In other words, it prevents unauthorized access and sharing mistakes from happening in the first place. Data-centric security removes the reliance on single points of failure for triggering data protection – it doesn’t just rely on a one-size-fits-all classification or permissions setting. It provides more flexible security that automatically adjusts as the content and user’s context change for more effective, dynamic data protection.
For example, perhaps while you’re sitting in the office you can look at your company’s financials, but if you’re sitting in a public place like an airport it can deny access to the file. Or maybe you inadvertently try to email a confidential HR document to the wrong ‘Bob’; it can prevent you from attaching the file to the email. Or perhaps you’re working from home, using Microsoft Teams to chat with a colleague about a customer, and you try to paste the customer’s credit card info into the chat, which is against company rules; that info can be automatically blocked before it’s sent.
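The three scenarios above can be expressed as one attribute-based decision function that is evaluated before the action is carried out. This is an added illustration, not code from the original article or from any product; the `Request` shape, the label names (`finance`, `hr-confidential`), the location values and the department check are all assumptions, and the sample inputs are constructed.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Request:                       # hypothetical request shape
    action: str                      # "open", "email_attach" or "chat_send"
    location: str = "office"         # user context: "office", "home", "public"
    data_labels: set = field(default_factory=set)  # data attributes
    recipients: tuple = ()           # (address, department) pairs
    text: str = ""                   # chat message body

# 13 to 19 digits, optionally separated by spaces or dashes
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:               # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def contains_card_number(text):
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            return True
    return False

def decide(req):
    """Return (allowed, reason). Called before the action is carried out."""
    labels = req.data_labels
    if req.action == "open" and "finance" in labels and req.location == "public":
        return False, "financial data cannot be opened from a public location"
    if req.action == "email_attach" and "hr-confidential" in labels:
        blocked = [addr for addr, dept in req.recipients if dept != "hr"]
        if blocked:
            return False, "recipient not cleared for HR data: " + ", ".join(blocked)
    if req.action == "chat_send" and contains_card_number(req.text):
        return False, "message contains a payment card number"
    return True, "allowed"
```

The same file yields different decisions as the context changes, and the chat check inspects content rather than trusting a label, so neither a single classification nor a single permission setting is the only trigger.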
Embracing a Better Way to Secure Data Collaboration
These capabilities may seem like a must-have for controlling these everyday scenarios, and 97% of companies acknowledge threats from oversharing and misuse could be problematic, but just 47% provide secure collaboration tools. Why? Often, it’s because there are too many other projects going on and they don’t want to tackle a new project or add another solution into the IT mix. Or because they think a tool they are already using provides a good enough solution.
IT and security teams need to embrace newer and better ways of protecting data from insiders, and yes, sometimes that means investing in new tools, not just making do with what you have and calling it good enough. Regulations are changing to mandate better protection, and your customers, employees, and bottom line deserve better than cleaning up messes after the fact with reactive data security tools.