The insider threat has been acknowledged for some time. Organizations know that that insiders, whether careless or malicious pose a serious threat to the business security.
However, while many entities consider the insider threat to be the insider turned bad; a disgruntled employee willing and able to steal information to sell on to criminal organizations or the company’s competitors, this is only half the story, says Lutz Blaeser, MD of Intact Software Distribution, a partner of Bitdefender in South Africa.
“There is also a very real threat from the careless insider, an employee or other authorized user such as a contractor, who increases risks through careless or reckless actions such as clicking on a link in a phishing email, using dodgy Websites for peer-to-peer sharing, or being careless with their password. All behaviors we know to avoid, but too many are lackadaisical about these practices.”
Blaeser says a Splunk-sponsored IDC study released recently revealed that “account takeover as a result of the hapless user remains one of the primary vectors for security breaches in organizations.” However, IDC also came to the conclusion that traditional approaches to security do not address this risk properly.
The survey results are based on the answers from 400 organizations with over 1 000 employees based in the UK, France, Germany, Sweden and the Netherlands.
“There are several key findings from the research, but one of the most alarming is that the malicious insider threat is seen as being low. The majority of organizations do not think that a malicious insider threat is a top concern for their security operation. Only 12% reported it as being of major concern. At the same time, businesses said they are most concerned about fraud, data loss, and unauthorized access to data, all of which go hand-in-hand with a malicious insider.”
It follows then, says Blaeser, that there is the risk that CISOs will focus on the consequences of malicious insiders while the actual threat is limited. “Careless users are more of a threat to the business than their malicious counterparts. The majority of businesses are far more worried about threats such as viruses, APTs and phishing. Most of these types relate directly to another type of threat, namely accidental breaches enabled or caused by reckless users. However, due to the fact that businesses don’t think about these threats in this way, they focus on traditional perimeter-based security tools, which means that breaches caused by careless users are not prevented.”
Several businesses have no tools in place to identify the activity that leads to accidental breaches. “A mere 12% of companies use user-behavior analytics to detect any anomalous behavior that might be indicative of a breach of this nature. Some 27% of respondents do not even have basic methods of breach detection, such as log management, in place. There is also a seeming lack of appreciation for learning from previous incidents, which will only lead to mistakes being repeated.”
According to Blaeser, the majority of companies don’t have the tools, approaches or mindset needed to detect and respond to breaches as they happen. “Most European organizations are still employing tools and measures designed with the protection of a traditional network-based perimeter in mind. Firewalls and antivirus approaches are used everywhere, however, while these tools are still a vital part of the security chain, on their own, they are not enough in the age where breaches are inevitable.”
He adds that only a very few businesses have measures such as forensics investigation systems and analytic’s capabilities in place to identify incidents once they have occurred. “We understand that there is no silver bullet when it comes to protecting organizations from every careless user, and as good as today’s tools are, some bad stuff can still get through. This is why although defensive tools are absolutely vital, on their own they are insufficient. Corporates need to be able to identify and quickly react to incidents if they’re to have a hope of defending themselves against the plethora of dangers out there.”
Behind the scenes – Intact Software Distribution is a dedicated software distributor focusing on providing a full range of security software solutions, coupled with the service performance and know-how of an experienced and specialised solution provider.
Intact Security provides a focused approach to support and technical knowledge transfer in association with the channel. Where required, the company assists with implementation of the products. Intact Security is specifically focused on customer satisfaction, providing an all-round peace of mind scenario which results in collaborative engagements facilitating clients’ needs and requirements. Intact Security guarantees the following: No hidden costs – real cost saving / Product efficiency and effectiveness / Ongoing available support.
Lutz Blaeser – Managing Director – +27 21 487 4640 – http://intactsoftwaredistribution.co.za/