Reduce insider threats by making employees justify data access: e-Safe CEO

Internal audits of company networks have shown one incident of insider data theft per 100 employees per month, according to the head of a security provider who believes the best protection from insider threats comes from having fewer restrictions on data access, not more.

The audits – conducted by E-Safe Systems as a security baselining effort for potential customers – monitor ongoing employee behaviour over a period of time using a client application that is installed on large numbers of corporate computers and tracks all file access and other user activity.

Employees are frequently observed copying files to USB drives, uploading sensitive files to cloud-storage services like Dropbox, and the like – which, chairman and CEO Ian McKinley told CSO Australia, supports the case for security practitioners to become more proactively engaged with employees through a framework that makes it quite clear they're being observed.

Security providers have generally “approached the issue of security with a blocking mentality that presupposes you can stop things happening,” McKinley explained.

“If you build a system around the assumption that you are hostage to fortune, you're trying to prove a negative – which is logically impossible. So many providers come from an antivirus mentality but it's always a balance between usability and security, and you can't just keep saying 'lock it down' and expect to get more secure.”

Technology developed by e-Safe – a UK company that maintains an R&D centre in Kuala Lumpur and recently established an ANZ sales office in Sydney headed by country manager Rizwan Mahmood – takes a different approach, enforcing controls over corporate information based on its level of sensitivity and following centrally-defined corporate rules to intervene whenever employees attempt to perform certain actions with sensitive corporate data.

Significantly, the platform is designed from a business rather than a technical context – meaning that documents are tied to business reporting structures and notifications of potential document misuse are sent straight up that structure.

Rather than trying to patrol document misuse after the fact, e-Safe's design allows employees to copy or print whatever they need – as long as they're willing to explain their activities in a written sentence that is sent to their supervising line-of-business executive.

“We have the opportunity,” McKinley said, “to create the rules in a distributed fashion, to monitor the rules that are being applied in a distributed fashion, and perhaps most importantly of all, to report potential problems in a distributed fashion to a person who is capable of understanding the implications of what somebody has either done or attempted to do.”

Knowing that the managing director of the company will get an email alert when they copy financial records or customer lists will often be enough of a deterrent to stop casual exfiltration of company information.

Those that do proceed with the action will know they're being monitored – allowing their supervisors to quickly notice and deal with potentially problematic insider activities of the type that were regularly observed during introductory network-activity audits.
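The allow-with-justification flow described above can be sketched as a small policy check. This is an added illustration, not e-Safe's code: the sensitivity scale, the watched actions, the three-word minimum and all names are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sensitivity scale and watched actions; the article names neither.
LEVELS = {"public": 0, "internal": 1, "confidential": 2}
WATCHED = {"usb_copy", "cloud_upload", "print"}

@dataclass
class Document:
    name: str
    level: str   # sensitivity assigned by the data owner
    owner: str   # person who classified the data and receives the reports

@dataclass
class Decision:
    allowed: bool
    notify: Optional[str]   # report recipient, or None when nothing is reported
    report: Optional[str]

def evaluate(user, action, doc, justification="", threshold="confidential"):
    """No hard block: sensitive actions go ahead once explained, and are always reported."""
    sensitive = LEVELS[doc.level] >= LEVELS[threshold]
    if action not in WATCHED or not sensitive:
        return Decision(True, None, None)
    reason = " ".join(justification.split())   # collapse whitespace-only input
    if len(reason.split()) < 3:                # assumed minimum: a short sentence
        # No usable explanation: the action waits, but the attempt is still reported.
        msg = f"ATTEMPTED {action} on {doc.name} by {user}: no justification given"
        return Decision(False, doc.owner, msg)
    return Decision(True, doc.owner, f"{user} did {action} on {doc.name}: {reason}")

if __name__ == "__main__":
    # Constructed sample data.
    doc = Document("customer_list.xlsx", "confidential", "md@example.test")
    for text in ("", "Sending to auditors for Friday review"):
        print(evaluate("alice", "usb_copy", doc, text))
```

The report goes to the document's owner rather than to a central security queue, which is the distributed reporting the article describes.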

“You're engaging all the time with the user and saying 'we're not going to lock you but if you take liberties with this, we're going to know',” McKinley said, noting that document security “is not a technological problem but a human problem.”

The importance of document-based security protections has come into sharp relief in recent years as the ongoing and deepening tide of security breaches forces organisations to accept that their perimeters are no longer the inviolable barriers they used to be. Tighter security is possible but efforts to balance it with employee usability have often fallen flat and the proliferation of cloud-based services has challenged notions of compliance and forced companies to a new operating posture.

Some operators have leveraged cloud platforms to help in these areas, putting policy engines in the cloud and securing cloud productivity applications to enable defence-in-depth security paradigms that, Gartner recently forecasted, would accelerate cloud services' role in building new security defences.

This shift has one more added consequence for already over-worked IT managers: as well as confronting potential document exfiltrators at the moment of their deed, the ability to define distributed policies for data-protection controls reduces the burden on IT staff to maintain exclusive vigilance over the exfiltration of company data – a role that has often been inherited because of their assumed dominion over all things security-related.

“We're decentralising the capability to define what is important, and at what level,” McKinley explained. “We're decentralising the reporting back to the person who owns the data, and who classified it in the first place. It really reinforces the idea that security is everyone's responsibility.”
