March 18, 2016 By Leslie Wiggins

Major League Baseball’s spring training will wrap up in a matter of weeks, and baseball stadiums everywhere are getting ready for opening day — you might even be able to smell the peanuts already. But when it comes to your sensitive data security, do you know who’s on first? More importantly, do you know who’s stealing home — and potentially stealing your sensitive data, too?

Unfortunately, most organizations don’t have this much awareness of or control over insiders accessing sensitive data. Sometimes they have no awareness of who has access to sensitive data. This is particularly problematic and risky when it comes to privileged users, who have access to everything important.

What’s even more interesting is that a 2015 IBM X-Force report indicated that 55 percent of all attacks are related to insider threats. Similarly, PwC’s “2015 Information Security Breaches Survey” in the U.K. found that “75 percent of large organizations and 31 percent of small businesses suffered from staff-related security breaches in the last year.” To make matters worse, exactly half of the worst breaches were caused by human error.

Who Represents an Insider Threat?

When it comes to insider threats, there are several types of risks to watch for.

Organizations tend to be more sensitive to disgruntled or malicious employees that represent risks. Those risks can range from causing minor disruptions or embarrassment because of a disgruntled employee to major disruptions and brand damage from sensitive data being leaked or destroyed.

However, there are two other types of insider risks that tend to be more overlooked: the third party with access to sensitive systems or data and the employee who falls victim to schemes. Any of us can end up being that employee under certain circumstances.

If they have access to sensitive data or systems, third parties such as suppliers or outsourced IT teams should be monitored as if they are a standard part of the organization. Any of these insiders with privileged access to sensitive data and systems represents the greatest risk. They need to be evaluated and monitored closely to reduce risks.

Getting Started: Know Your Users and Data

It’s not all gloom and doom. There is a simple way to start taking control and reducing risk. There are just two things you need to do: Know your users and know your data!

When it comes to knowing your users, you need to start answering the following questions:

  1. Who has access to sensitive data?
  2. Who should have access?
  3. What are users doing with data?
  4. What are administrators doing with data?

Likewise, when it comes to knowing your data, begin thinking through and determining the answers to these four questions:

  1. What data is sensitive and where does it live?
  2. Is the right sensitive data being exposed to the right users?
  3. What risk is associated with sensitive data?
  4. Can you control privileged user access to sensitive data?

Identity management and data security technologies exist to make answering and resolving these questions easier. You can get started by just sitting down and considering your top sensitive systems and who has access to them. You’ll start to get a feel for your risks and exposures very quickly.

When you want to take a more controlled look at knowing your users, there are two important things you need to put into action: You must manage access, and you must trust but verify. When managing privileged access, it’s critical never to allow users direct access to sensitive systems or to the master password that will provide access to those systems. By having privileged users log in under a personal user ID and password, which triggers a hidden master password to open access, you are able to learn who is accessing data and take specific action if any risks emerge.

Then, you must trust but verify. Allow privileged users to have the access they need, but record and monitor their sessions. This way, you create a record of their activities, identify what’s gone wrong and take appropriate action.
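The access pattern described in the two paragraphs above, sketched as an added example that is not from the original article or any IBM product: a hypothetical `PrivilegedAccessBroker` verifies a personal ID and password, keeps the master password inside the broker, and records every session and command against the individual. All names and the sample values used with it are assumptions.

```python
import hashlib, hmac, os, secrets, time

class PrivilegedAccessBroker:
    """Hypothetical broker: users present personal credentials; the shared
    master password stays inside the broker and is never returned."""

    def __init__(self):
        self._users = {}      # user_id -> (salt, hash of personal password)
        self._grants = set()  # (user_id, system) pairs allowed to connect
        self._vault = {}      # system -> master password, never handed out
        self._sessions = {}   # session_id -> (user_id, system)
        self.audit = []       # append-only record of sessions and commands

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll(self, user_id, password, systems):
        salt = os.urandom(16)
        self._users[user_id] = (salt, self._hash(password, salt))
        self._grants.update((user_id, s) for s in systems)

    def store_master(self, system, master_password):
        self._vault[system] = master_password

    def _log(self, user_id, system, event, detail=""):
        self.audit.append({"ts": time.time(), "user": user_id,
                           "system": system, "event": event, "detail": detail})

    def open_session(self, user_id, password, system):
        salt, stored = self._users.get(user_id, (b"\0" * 16, b""))
        ok = hmac.compare_digest(self._hash(password, salt), stored)
        if not ok or (user_id, system) not in self._grants \
                or system not in self._vault:
            self._log(user_id, system, "denied")
            return None
        # A real broker would use self._vault[system] here to log in to the
        # target on the user's behalf; the caller only gets a session id.
        session_id = secrets.token_hex(8)
        self._sessions[session_id] = (user_id, system)
        self._log(user_id, system, "session_open", session_id)
        return session_id

    def run(self, session_id, command):
        user_id, system = self._sessions[session_id]
        self._log(user_id, system, "command", command)  # session recording
        return f"{system}: executed as shared admin for {user_id}"
```

Because the audit trail is keyed on the personal ID rather than the shared account, each recorded command can be traced to one person.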

Essential Capabilities for Data Security

There are a few capabilities that are essential to taking a closer look at your data. The first is automated discovery and classification of sensitive data. Frequently, sensitive data occurs in more systems than you would think; for example, one client IBM worked with thought it had sensitive data in 20 systems, but that number actually ended up being 200 systems. Automated discovery and classification is important because if you don’t know where your sensitive data is, you can’t possibly protect it.

The second essential capability is real-time data activity monitoring combined with entitlement reporting. By leveraging these capabilities, you can see who is accessing sensitive data. When paired with automated analytics and machine learning, real-time data activity monitoring can help you establish a baseline of normal user behavior and then spot unusual behavior or access patterns.

Finally, the third essential capability is to take immediate action to safeguard sensitive data to prevent loss. A solution that allows you to preset security policies can take action for you if unusual behavior does occur. It can block access, alert the security team or quarantine suspicious users until investigation can be completed.
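The second and third capabilities together, as an added example that is not from the original article: a per-user baseline built from past data access events, then a preset policy that allows, alerts, blocks or quarantines on deviation. A simple mean and standard deviation threshold stands in for the analytics and machine learning the article mentions; the event format, table names and thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: (user, table, rows_read) from a past period.
HISTORY = [
    ("alice", "orders", 100), ("alice", "orders", 120), ("alice", "orders", 90),
    ("alice", "orders", 110), ("alice", "customers", 50),
    ("bob", "orders", 10), ("bob", "orders", 12),
    ("bob", "salaries", 5), ("bob", "salaries", 8),
]
SENSITIVE = {"salaries", "customers"}  # output of discovery and classification

def build_baseline(events):
    """Per user: tables normally touched plus rows-read mean and deviation."""
    tables, rows = defaultdict(set), defaultdict(list)
    for user, table, n in events:
        tables[user].add(table)
        rows[user].append(n)
    return {u: {"tables": tables[u], "mean": mean(rows[u]),
                "std": pstdev(rows[u])} for u in rows}

def evaluate(event, baseline, sensitive=SENSITIVE, z=3.0):
    """Return (action, findings) for one live event under the preset policy."""
    user, table, n = event
    profile = baseline.get(user)
    if profile is None:
        # No baseline at all: block sensitive reads, alert on the rest.
        return ("block" if table in sensitive else "alert", ["unknown_user"])
    findings = []
    if table in sensitive and table not in profile["tables"]:
        findings.append("new_sensitive_table")
    # Floor the deviation so a very steady user does not alert on tiny changes.
    if n > profile["mean"] + z * max(profile["std"], 1.0):
        findings.append("volume_spike")
    # Preset policy: one finding alerts, two quarantine the user for review.
    action = ("allow", "alert", "quarantine")[len(findings)]
    return action, findings
```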

For the greatest protection against insider threats, you should rely on an integrated security landscape where your privileged identity management solution and your data security solution work with the broader security environment for the greatest degree of intelligence and protection.
