Managing Insider Threats with Vigilance
Two factors continue to be substantial risks to personal data in an enterprise environment: insider access and third-party breaches.
According to the latest Verizon’s Data Breach Investigations Report, the former accounts for 59% of all security incidents. Now, it seems the Office of Civil Rights (OCR) has published its own report, a newsletter called “Managing Malicious Insider Threats,” which is in agreement with Verizon. The underlying causes that might result in the realization of an internal harm to data are much as they’ve always been: employees about to be fired, or soon to join another organization where the data could give them an advantage, or for any number of reasons that result in said employee’s own perceived gain. The recent Capital One breach was the result of one such former employee, one who went oddly public with their efforts.
In all cases, the usual access these employees have to sensitive data potentially obscures any illicit actions they might take. It can be tricky to detect any suspicious activity when that access is a function of their jobs. But that is exactly what must happen.
Another study, this one from Kaspersky, shows how breaches of third-party partners are among the most expensive. In 2018, they resulted in an average of $1.47 million in costs. We’ve written previously about different incidents where vendor vulnerabilities resulted in a data breach for a customer entity. You can also add the Docker Hub cyberattack to that list, as the image storage service discovered unauthorized access to a database that exposed sensitive customer data.
Before all other recommendations, the most crucial one to follow remains vigilance. Reviewing system and audit logs and security reports will assist discovery of any abnormal usage or access by employees. If you see data being forwarded to a personal email address, for instance, consider that a red flag. Likewise with copying large amounts of data to an external device, whether phone or USB drive. Setting alerts for actions like these will help keep you informed. Knowledge is key in breach prevention: knowledge of your data flows, storage, access and usage. Limiting access to information that is strictly necessary for job performance, including managing any distribution of portable storage devices, is also beneficial.
If you take steps to mitigate your internal risks now, it can prevent serious breaches and embarrassing headlines later.