How To Stop Insider Threats

As digital innovators and business model and process disruptors, today’s CIOs have many critical areas of focus. The modern CIO needs to guide colleagues on how to leverage a full range of new technologies, including the Internet of Things, Big Data, cloud computing, and analytics.

One area that increasingly requires the CIO’s attention is data loss from internal players. This is a high-risk issue that can lead to the loss of data, revenue, and credibility, and CIOs must take steps to prevent intrusions before they occur.

Whether or not internal actors are maliciously stealing secrets, strategic plans, proprietary data, and customer information, combatting these issues often relies heavily on robust data management and internal resources committed to looking for and identifying data loss.

McAfee study shows scope of loss

The study, by noted anti-virus developer McAfee (now a part of Intel Security), revealed that 43 percent of exfiltration attacks came from internal actors. Half of those losses were intentional. In the study, internal actorsare defined as employees, contractors, and third-party suppliers. These internal players most frequently use physical media rather than electronic extraction.

The analysis also shows that internal theft is linked to 50 percent of all data loss in Asia, 41 percent in North America, and less than 40 percent in the United Kingdom.

Among the data taken by internal actors, 33 percent is employee information, 32 percent is customer information, 15 percent is intellectual property, 14 percent is other financial information, and 11 percent is payment card information. For companies, these risks can manifest in several ways, from the loss of critical market-leveraging information to the loss of customer and employee confidence and trust.

Tips for protecting data

Experts recommend that companies have comprehensive data management plans that use the following approaches to detecting internal theft:

  1. Find usage patterns. Companies should look for large data uploads to third-party sites such as Dropbox, frequent USB drive usage, and irregular server downloads. If an employee who usually accesses only a few specific assets, or none at all, suddenly begins a new access pattern, there may be an issue.
  1. What’s new. New user activity not exhibited in the past may indicate a problem.
  1. Look at logs. Logs are a powerful tool for auditing and detection. Domain Name System (DNS) and host-to-host authentication logs can act as triggers for suspicious activity. Looking at third-party software logs from products like Endpoint and Active Directory can also help identify red flags.
  1. What’s off the grid? Sometimes the best clues are not digital. Is an employee suddenly working unconventional hours, logging onto systems at off-times, making international trips, attempting to add hardware or software, or showing a change in attitude? Each of these actions could indicate deception. The U.S. Federal Bureau of Investigation has issued some helpful guidelines to watch for.

Some inside actors unwittingly leak data by exposing their computers to malware, losing devices, or leaving a device accessible. Whether these threats are intentional or not, being prudent about data is imperative for companies of all sizes.

The CIO’s role

The CIO plays a critical role in ensuring that data is secure and processes are in place to combat internal threats. The CIO should be sure that key players—IT, human resources, counsel—are working together to protect data and remain in compliance with regulations and policies. A CIO should also know what areas are most at risk, develop swift remediation plans, and ensure those plans are deployed quickly.

Powerful tools are available for the CIO to ensure monitoring and detection protocols are in place. In the boardroom and the C-suite, CIOs should play an integral role in maintaining security and boosting confidence in transformational innovation.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s