While the predominant perception is that most threats to data security and privacy are external, the reports according to the Open Security Foundation suggest that up to 11% of the malicious data loss incidents come from within the organisation. However, it remains an area that is often underestimated by IT departments when it comes to creating a security audit or a disaster recovery plan (DRP).
Australia – a soft target
Australia is the second most likely country in the world to suffer data loss as a result of malicious attack, next to only Germany. According to the Ponemon Institute, these breaches result in the highest number of compromised files anywhere on Earth, with an average theft of 34,249 files.
The Privacy Amendment (Private Sector) Act of 2000 has set clear rules in Australia, governing the collection, use and disclosure of private information by an organisation. It comprises ten National Privacy Principles (NPPs) which organisations need to adhere to; else they are bound to face consequences from the Federal Privacy Commissioner. Allowing personal data to fall into the wrong hands due to a security breach may result in heavy fines or other sanctions under the Act.
If the proposed mandatory data breach notification law also makes its way into Australian legislation, mandatory data breach notification will all but inevitable for Australian businesses – and rightly so. The proposed law, if passed, will put even more responsibility on the party that houses the data (usually the organisation) to improve its security, compliance and disclosure measures – against both internal and external threats.
Top 3 considerations to combat insider threats
Ease of access to critical data is often cited as a core reason for the continuous increase in the number of insider threats. It is much easier for a hacker to access data within your organisation when they have insider help. Security firms have been reporting the increase in the number of data breach incidents linked to an insider, so it’s imperative for organisations to gain a better understanding of these threats and safeguard themselves against common insider threats.
1. USB data theft
Data theft via USBs is the simplest form of insider data theft. All it takes is to plug in a flash drive and you can easily copy sensitive or confidential information. Over the past few years, we have seen so many organisations tracking down the loss of sensitive/confidential information via USB drives and other mass storage media.
Making sure that your employee signs a privacy agreement alone is not a strong deterrent. Typically, it could be a disgruntled employee that decides to just copy sensitive information and tries to leak it externally, or it may be a case where an employee’s USB device contains malware which can automatically trigger a script or code to install or run on your system and steal data.
A concerted plan to curb employee data theft via USBs should incorporate admin, human resources, IT and top-level management. There are steps that a watchful and well-equipped IT department can take to pre-empt data theft, with network data providing valuable insights into employee behaviour. With the help of a reliable security and information event management (SIEM) tool, you can build rules to restrict unauthorised access to USB drives. You can also build an authorised group to control who has privileged access.
2. Online file sharing/file transfers
Transmitting sensitive files online has become a common practice these days as well with the advent of cloud-based solutions such as Dropbox and Google Drive. It caused a big sensation in 2012 when a number of usernames and passwords of Dropbox accounts were compromised. There was another breach in 2011 that exposed hundreds of accounts without proper authentication.
So when an employee tries to share files or transfer files through insecure channels, there are chances that your sensitive corporate data can be easily accessed by third-parties — especially when data is stored on the public cloud.
Organisations need to ensure that they and their employees are using a secure file sharing option. Having a managed file transfer solution is ideal as it provides certificate-based authentication; it would be even better if the solution was self-hosted and so allow for internal protection measures. Organisations should also check whether the solution provides security for data both at rest and in motion, and monitors the file transfer process in real-time.
3. Combating anomalous network behaviour patterns
It’s easier to identify anomalous behaviour patterns if an organisation establishes a baseline performance for its networks. For example, a large number of failed log-in attempts on your servers and applications would indicate an unusual user behaviour pattern, and would call for deeper forensics to analyse the root cause.
To expose an attack or identify the damage caused, IT managers need to analyse the event logs on their networks in real-time. An efficient log management tool can help you analyse actionable information and identify intrusion attempts, misconfigured equipment, and much more. Responding in real time will also help you to better combat these threats. For example, you can set up automated responses based on certain thresholds, which are mostly unusual network patterns or unauthorised access.
It is very critical for organisations to have a strong security strategy in place to counter the threat of internal data theft. The plan should actively involve internal policies, training, effective internal communication processes, as well as vigilant monitoring of data logs, file transfers, network activities, endpoint vulnerabilities, and so on. With a deep understanding of the threats and effective counter mechanisms, organisations could more easily minimise the incidences of insider data attacks.
Yaagneshwaran Ganesh is product marketing specialist at SolarWinds.