In 2016, the total consolidated cost of a data breach was at $4 million, according to the 2016 Cost of Data Breach Study, conducted by Ponemon Institute and funded by IBM. The same study put the likelihood of a material data breach involving 10,000 lost or stolen records over the next 24 months at 26%.
Meanwhile, many cybersecurity experts are encouraging security professionals to shift their focus to internal security threats. In a recent Forbes article, Michael Madon, CEO of security awareness platform Ataata, said, “Unintentional employee negligence is a much bigger problem than intentional attacks orchestrated by malicious actors. Fight the good fight against your enemy, but don’t ignore the friendly fire that can do far more damage.”
Whether the threat to corporate security comes from within or without, the bottom line for CIOs and other C-level executives is the need to find ways to identify and plug security holes while adopting strategies that can reduce risk.
This an an area where analytics can help.
SEE: Cybersecurity spotlight: The ransomware battle
Addressing the big risks
Two of the most vulnerable internal security points for organizations are:
- Ensuring that security access entitlements for employees are appropriately set, maintained, and monitored
- Ensuring that corporate governance and security standards are uniformly enforced in a hybrid IT infrastructure that operates on premises as well as in public and private clouds
With the move to the cloud, organizations face greater risks of losing control of their intellectual property and confidential communications–and employees can be negligent or even malicious by giving others access to data that should not be shared. When you try to enforce new standards for data sharing, employees may be resistant to change. Managers might also be unwilling to regularly review security access permissions for their employees.
Collectively, these factors contribute to user data access permissions being improperly set and maintained or to being routinely violated. The issue is not technical; it is rooted in human behavior and practices.
“We have approached this security access dilemma by developing human behavior analytics (HBA) that use machine learning to study user behavior and information access appropriateness from a 360-degree standpoint, whether the user is accessing data on premises or in the cloud,” said Tom Clare, vice president of marketing at security analytics firm Gurucul.
Gurucul’s analytics take in the access business rules of an organization and then use machine automation, learning, and intelligence to monitor user access and information usage habits on premises or in the cloud. If a usage anomaly occurs, an alert is issued by the system that enables the company to respond and investigate. This might be as straightforward as talking with a department manager and learning that an employee’s role and IT access needs have changed–or it could be an early indicator of an information access breach.
“This is a way to both manage access and mitigate risk,” Clare said. “It helps IT because there are still many IT functions that exist as silos that don’t cross-communicate much with each other. This can contribute to user access abuses.”
Clare has a point.
On one hand, you have the security professional who monitors for intrusion detection but isn’t much concerned with identity issues. Across the aisle, you might have the identity and access management specialist, who is concerned about which departments and individuals get which types of access but doesn’t get involved with malware and intrusion detection.
SEE: Power checklist: Vetting employees for security sensitive operations
If an organization uses an automated tool that can assess data access clearances by functional area and/or by user and then report in on any anomalies, information access breaches can logically be reduced–and you can get around the information breakdowns that occur when IT silos don’t communicate.
But this doesn’t cure everything.
There is no universal automation tool today that can cover all IT access scenarios. For instance, few tools can track user behavior and information access in software-as-a-service (SaaS) cloud environments. And as of today, automated tools can’t track access across the boundaries of all public cloud networks.
For senior managers, the requirement is for a mixed strategy of analytics that combines monitoring hybrid on-premises and cloud access and information sharing, where it is practicable, with the more old-fashioned approach of ensuring that IT and end-user managers regularly meet and review user security permissions.
Using both techniques, the risk of information access abuse and sharing can be reduced. The key is getting everyone throughout the organization on board with how important it is to regularly review information access policies and permissions–and refusing to relegate this relatively mundane function to a low priority.