Multi-faceted security plan is key to combating internal data theft

While the predominant perception is that most threats to data security and privacy are external, reports from the Open Security Foundation suggest that up to 11% of malicious data loss incidents come from within the organisation. Even so, it remains an area that IT departments often underestimate when creating a security audit or a disaster recovery plan (DRP).

Australia – a soft target

Australia is the second most likely country in the world to suffer data loss as a result of malicious attack, behind only Germany. According to the Ponemon Institute, these breaches result in the highest number of compromised files anywhere on Earth, with an average theft of 34,249 files.

The Privacy Amendment (Private Sector) Act of 2000 has set clear rules in Australia governing the collection, use and disclosure of private information by an organisation. It comprises ten National Privacy Principles (NPPs) to which organisations must adhere, or face consequences from the Federal Privacy Commissioner. Allowing personal data to fall into the wrong hands due to a security breach may result in heavy fines or other sanctions under the Act.

If the proposed mandatory data breach notification law also makes its way into Australian legislation, mandatory data breach notification will be all but inevitable for Australian businesses – and rightly so. The proposed law, if passed, will put even more responsibility on the party that houses the data (usually the organisation) to improve its security, compliance and disclosure measures – against both internal and external threats.

Top 3 considerations to combat insider threats

Ease of access to critical data is often cited as a core reason for the continuous increase in the number of insider threats. It is much easier for a hacker to access data within your organisation when they have insider help. Security firms have been reporting an increase in the number of data breach incidents linked to an insider, so it’s imperative for organisations to gain a better understanding of these threats and safeguard themselves against the common ones.

1. USB data theft

Data theft via USB is the simplest form of insider data theft. All it takes is to plug in a flash drive and copy sensitive or confidential information. Over the past few years, we have seen many organisations tracking down the loss of sensitive or confidential information via USB drives and other mass storage media.

Having employees sign a privacy agreement is not, on its own, a strong deterrent. Typically, it could be a disgruntled employee who decides to copy sensitive information and tries to leak it externally, or it may be a case where an employee’s USB device contains malware that automatically triggers a script or code to install or run on your system and steal data.

A concerted plan to curb employee data theft via USB should involve admin, human resources, IT and top-level management. There are steps that a watchful and well-equipped IT department can take to pre-empt data theft, with network data providing valuable insights into employee behaviour. With the help of a reliable security information and event management (SIEM) tool, you can build rules to restrict unauthorised access to USB drives. You can also build an authorised group to control who has privileged access.

2. Online file sharing/file transfers

Transmitting sensitive files online has also become common practice with the advent of cloud-based solutions such as Dropbox and Google Drive. It caused a big sensation in 2012 when a number of usernames and passwords of Dropbox accounts were compromised. There was another breach in 2011 that exposed hundreds of accounts without proper authentication.

So when an employee shares or transfers files through insecure channels, there is a chance that your sensitive corporate data can be easily accessed by third parties — especially when data is stored on the public cloud.

Organisations need to ensure that they and their employees are using a secure file sharing option. A managed file transfer solution is ideal as it provides certificate-based authentication; it is even better if the solution is self-hosted and so allows for internal protection measures. Organisations should also check whether the solution provides security for data both at rest and in motion, and monitors the file transfer process in real time.

3. Combating anomalous network behaviour patterns

It’s easier to identify anomalous behaviour patterns if an organisation establishes a baseline performance for its networks. For example, a large number of failed log-in attempts on your servers and applications would indicate an unusual user behaviour pattern, and would call for deeper forensics to analyse the root cause.

To expose an attack or identify the damage caused, IT managers need to analyse the event logs on their networks in real time. An efficient log management tool can help you analyse actionable information and identify intrusion attempts, misconfigured equipment, and much more. Responding in real time will also help you to better combat these threats. For example, you can set up automated responses based on certain thresholds, mostly for unusual network patterns or unauthorised access.
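The baseline-and-threshold approach described in this section, sketched as an added example (not code from the article or from any SIEM product): it learns each account's normal hourly failed log-in rate and alerts only on counts well above it. The log format, account names, and the `k` and `floor` parameters are assumptions made for the illustration.

```python
import re
from collections import Counter
from statistics import mean, pstdev
# Assumed log format, constructed for this example (not a real product's schema):
#   2024-05-01T09:14:02Z user=alice result=FAIL
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d):\d\d:\d\dZ user=(\S+) result=(OK|FAIL)$")

def failed_per_hour(lines):
    """Count failed log-ins per (user, hour); malformed lines are skipped."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m.group(3) == "FAIL":
            counts[(m.group(2), m.group(1))] += 1
    return counts

def build_baseline(lines, hours):
    """Per-user (mean, std dev) of hourly failures; quiet hours count as zero."""
    counts = failed_per_hour(lines)
    baseline = {}
    for user in {u for u, _ in counts}:
        series = [counts[(user, h)] for h in hours]
        baseline[user] = (mean(series), pstdev(series))
    return baseline

def detect(lines, baseline, k=3.0, floor=5):
    """Flag (user, hour, count) above max(floor, mean + k*std); unknown users get the floor."""
    alerts = []
    for (user, hour), n in failed_per_hour(lines).items():
        mu, sigma = baseline.get(user, (0.0, 0.0))
        if n > max(floor, mu + k * sigma):
            alerts.append((user, hour, n))
    return sorted(alerts)

def sample(user, hour, n, result="FAIL"):
    """Build n constructed log lines for one user within one hour."""
    return [f"{hour}:{i:02d}:00Z user={user} result={result}" for i in range(n)]

# Constructed sample data: four baseline hours, then one hour to evaluate.
BASE_HOURS = ["2024-05-01T09", "2024-05-01T10", "2024-05-01T11", "2024-05-01T12"]
BASE_LOG = [l for u, per_hour in {"alice": [1, 2, 1, 0], "bob": [0, 1, 0, 0],
            "svc_backup": [8, 10, 9, 9]}.items()
            for h, n in zip(BASE_HOURS, per_hour) for l in sample(u, h, n)]
TODAY = "2024-05-02T09"
TODAY_LOG = (sample("alice", TODAY, 2) + sample("bob", TODAY, 12) + sample("carol", TODAY, 6)
             + sample("svc_backup", TODAY, 10) + sample("bob", TODAY, 3, "OK") + ["garbled line"])

if __name__ == "__main__":
    print(detect(TODAY_LOG, build_baseline(BASE_LOG, BASE_HOURS)))
```

The noisy `svc_backup` account stays quiet because ten failures is within its own baseline, whereas a single static threshold of five would have raised a false alarm on it.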

It is critical for organisations to have a strong security strategy in place to counter the threat of internal data theft. The plan should actively involve internal policies, training, effective internal communication processes, as well as vigilant monitoring of data logs, file transfers, network activities, endpoint vulnerabilities, and so on. With a deep understanding of the threats and effective counter mechanisms, organisations could more easily minimise the incidence of insider data attacks.

Yaagneshwaran Ganesh is product marketing specialist at SolarWinds.
