Protection from the inside out

Whilst hacker groups like Anonymous and Lizard Squad are more likely to hit the headlines, it’s the data breaches that fly under the radar you really need to worry about

In the workplace your best assets - your employees - are also your biggest risk.

Whilst hacker groups like Anonymous and Lizard Squad are more likely to hit the headlines, it’s the data breaches that fly under the radar you really need to worry about.

Current and former employees, contractors, and other organisational ‘Insiders’ pose a huge threat to Australian businesses. Not only do they have knowledge of and access to workplace systems, they are often the conduit for the passing along sensitive intellectual property (IP).

New research commissioned by Forcepoint, which surveyed more than 1,250 security professionals worldwide, found 80 per cent of respondents believe it is important to understand the behaviours of people as they interact with IP and other critical business data. Yet only 31% have effective means to do so.

While the cyber-security community has acknowledged the Insider Threat as a significant concern, it is clear that mitigating the risk of data leakage requires a shift in mindset; it’s time to start thinking from the inside out.

The end of the traditional IT network

With evolving workplace practices, corporate networks are no longer tightly controlled entities, as data sprawls across a range of systems and devices. Today, IT departments are battling against data sprawl and eroding network boundaries.

Almost one in four (38 per cent) of cyber security professionals surveyed said they are very or extremely concerned about the co-mingling of personal and business applications on devices such as smartphones. Their concern is not surprising given the research found only 3 per cent of Australian businesses have complete visibility over the access and use of data by their employees, suggesting a greater need for organisations to secure their systems across platforms.

Driven by compromised visibility, 44% of respondents ranked email as the greatest risk to their critical business data, followed by social media, mobile devices and laptops.

Addressing the “human point” of security

A challenge for many working in the security space is that many breaches due to an insider threat actually require little technical sophistication and are more of a whole-of-business problem, than an IT security problem.In fact, while around 70 per cent of Australian businesses recognise the critical importance of understanding employee behaviours and intent when it comes to implementing a comprehensive security strategy, only 12 percent think they are very or extremely effective at recognising anomalous or suspicious actions inside a network.

This skills and security gap is then compounded by the flow of funding, with organisations overwhelmingly continuing to direct cyber security funding to traditional network defence that fail to stop sensitive data leaks from Insiders. As Australian cyber-security professionals consider the increasing importance of an inside out approach to security, more than one third of businesses agreed that focusing more on human behaviour will help improve security results and costs. No business disagreed.

Reducing the risk of data leakage

The good news is that there are steps Australian businesses can take to minimise the likelihood of a sensitive data leak. These involve focusing on:

  • Data capture - implementing a lightweight endpoint agent can capture data without disrupting user productivity. A system like this can monitor the data’s location and movement, as well as the actions of users who access, alter and transport the data. Collected user data can be viewed as a video replay that displays keys typed, mouse movements, documents opened or websites visited. This unique capability provides irrefutable and unambiguous attribution of end-user activity.
  • Behavioural audit – understanding how employees act will help pinpoint unusual or suspect behaviour enabling closer monitoring for those deemed high risk.
  • Focused investigation – if a clear violation is detected it’s important to pinpoint specific events or users so you can assess the severity of the threat, remediate the problem and create new policies to stop it happening again.

Join the Computerworld newsletter!

Error: Please check your email address.

Tags Forcepointsecurity

More about Forcepoint

Show Comments

Market Place