I just came back from a conference in downtown Toronto and thought of penning down the findings (in nutshell) of the survey conducted on more than 320 IT security experts in Middle East (I was one of the respondents and got a comprehensive statistics report of the survey). I was as surprised as you’d be to learn that it was found that 35 percent of people said they would delete files or change passwords upon exiting a company. This definitely raises the questions into my mind about the harm an insider could do to the corporate digital assets. All the organizations invest lots of money and resources on defending against and detecting external Cyber attacks. However, a more insidious threat is on the rise. I always reiterate that insider attacks are far more difficult to detect and prevent than external attacks.
With identities and entitlements often in a state of excess due to manual processes built upon static identity management rules and roles, it is more common that users inside the perimeter have access to information they do not need for their job. This gives them the capability to perform abusive tasks within the company. Be reminded that insider threats are not always caused by users within the organization, they can also occur when credentials of employees are shared or compromised, which often goes undetected.
With so many people touching so many apps, databases, and systems, the only reliable way to manage security today is through identity. If you purchased our Cyber Security Awareness service, you’ll learn that we often recommend companies assign access to information according to roles and access rights. By combining user and entity behavior analytics, and identity analytics, companies can not only monitor, detect and remove excess access before it is too late, but they can also monitor employee actions by detecting unusual or risky behavior. Before an employee or a contractor ever logs in, you should have pre-determined which apps and databases they can access and what they can do once they’re there, i.e., read the information only or have the ability to change or download it. When someone logs in, before permissions kick in, you need to verify that they are who they say they are. For access to sensitive information, a username and password aren’t enough in today’s environment. You need multi factor authentication, whether you do it through tokens, text messages, software, or biometric scanning. A user who has logged in through multi factor authentication and whose ability to access data is restricted by your identity and access management system may appear to be secured. But what if he walks away from his computer and someone else takes over? To control for that, you should require a screen lock whenever someone leaves a device unattended.
End of story? Not at all!!! All sessions involving high-risk sites and databases should be monitored in real time. This kind of monitoring is frequently confused with monitoring of the apps and databases themselves. Of course, these systems should have firewalls to keep intruders out and alerts that notify your security center if someone attempts to breach them. But that won’t help you if someone who has been granted access decides to misbehave. Session monitoring means keeping your eyes on the person looking at your data at all times. If that person tries to do something suspicious, such as exfiltrate customer information, your security center shall be notified immediately and can cut off access before a theft or a breach occurs.
In fact our security awareness service is full flagged and comprehensive security awareness platform that aims to spread knowledge about the fundamental concepts of information security. It educates users about the growing risks of information security and provides them with security countermeasures to respond accordingly. The solution aims at structurally spreading essential knowledge about cyber security and associated risks in addition to providing extensive information and proper course of actions when targeted by cyber threats.