The month of September is a good time to highlight the risks posed by insider threats, according to a program first launched in 2019.
A group of federal agencies and tech industry organizations designated this month as a time to remind all organizations that threats can come from inside as well as from outside, and that cybersecurity involves a lot more than the barriers we erect to protect from outside threats.
During National Insider Threat Awareness Month (NITAM), supporters work collaboratively to emphasize the importance of preparing the workforce to deter, detect, and mitigate threats posed from trusted insiders. Throughout the month, various events and materials are produced, giving audiences the opportunity to learn more about threats posed by insiders, insider threat programs, and reporting options.
Access revocation is critical
Access revocation is key to protecting against one of the most significant insider threats, notes Larry O’Connor, CEO and founder of Other World Computing (OWC). Managing employee exits – especially access revocation – must be done properly and thoroughly, O’Connor says. The risk is significant:
“Even weeks or months after departure, it is all too common for exiting employees to still have lingering access to company systems and data. From there, malicious insiders can then steal sensitive data or sabotage critical systems rather easily by exploiting these oversights,” O’Connor says. “And, as organizations have become more reliant on cloud services and remote work, unfortunately this risk has only grown.”
The process for disabling all account access should be automated, O’Connor says, and, whenever possible, two-factor and certificate-based authentication should be used to help ensure that login credentials alone can’t provide access when it should no longer be available.
“During National Insider Threat Awareness Month, the key message for organizations is to take a hard look at their security practices around employee offboarding and data protection,” O’Connor says. “It’s not a matter of if, but when, an insider threat incident will occur. Companies can significantly reduce the risk and impact of these threats by proactively implementing the right people, processes, and of course technologies. Bottom line – protecting against malicious insiders should be a top cybersecurity priority all year round.”
Unstructured data most vulnerable
National Insider Threat Awareness Month is meant to remind us “not to underestimate the significance of risks from within – regardless of whether they are malicious or a result of negligence,” says Carl D’Halluin, CTO at Datadobi.
“For a clearer picture of just how significant, the 2023 Cost of Insider Risks Global Report by the Ponemon Institute revealed that in 2023, the average annual cost of an insider risk rose to $16.2 million per organization, while the average time to contain an incident extended to 86 days, compared to $15.4 million and 85 days in 2022,” D’Halluin said.
These kinds of statistics are staggeringly worrisome.
Surprisingly, it is unstructured data that is the most vulnerable because of its predominance, D’Halluin adds. Unstructured data “is the most difficult to manage, secure, and protect, and it often contains valuable and sensitive information making it rather attractive to those that wish to exploit it for personal gain or corporate sabotage,” D’Halluin says.
PDFs need robust protection
Even seemingly harmless data files – like PDFs – can invite insider threats, says DeeDee Kato, vice president of corporate marketing at Foxit.
“Whether you are a government agency, a business, a healthcare provider, a financial institution – it is a safe bet that highly sensitive information is contained within your PDF docs. However, it is important to know that not all PDFs are created equal – especially when it comes to providing protection against internal threats, or external for that matter,” Kato says.
When selecting PDF software, look for a platform with robust protection features, “like encryption, digital signatures, and redaction tools,” Kato says. “This provides the peace of mind that that only authorized users can access sensitive content and that confidential information is permanently removed, if necessary.”
“Next on the checklist should be advanced permission settings to control actions such as printing and editing. And let’s not forget that it should integrate with Microsoft OneDrive, SharePoint, etc. to protect your documents, data, and personal information, as well as include watermarking to deter unauthorized distribution,” Kato adds.
“Audit trails and tracking capabilities are two more features that will take your data protection and security to the next level – enabling you to monitor access and modifications and comply with those all-important data protection regulations.”
Source:: Network World