True Data Privacy Cannot Exist Without Addressing the Insider Threat
Protecting sensitive customer data is a huge priority for today’s organizations, which face intensifying regulatory and compliance pressures and unwavering customer expectations. A single data breach can take a tremendous toll on customer loyalty; 70 percent of consumers report they would cease doing business with an organization in the event it experienced one.
Great strides have been made in ensuring data privacy through a diverse (and still growing) set of techniques, from fortifying networks and servers against external cyberattacks, to using artificial intelligence (AI) to identify and redact and/or encrypt sensitive digital data, to implementing strict policies (even at the office printer!) to ensure only authorized employees can print documents containing private information.
However, a truly rigorous and comprehensive approach to customer data privacy cannot exist unless a major source of breaches – privileged insiders – is addressed. A privileged insider is any individual with valid credentials to access internal resources, and who may use this authorized access to negatively impact the integrity of a system or confidentiality of sensitive customer data.
These individuals may not be motivated by malevolence and greed, nor are they necessarily negligent or lacking ethics. The majority are inadvertent actors – those who are blissfully unaware they’re doing anything wrong and don’t understand the potential consequences. Sixty-four percent of enterprises cite careless employees and contractors as the most common cause of insider threats, according to one recent survey.
Regardless of the root cause of an insider threat, the risks to customer data privacy are significant, and the business repercussions can include lost revenues, remediation expenses, damaged brand reputation, service disruption and more. Five best practices for protecting against insider threats include the following:
Monitor insider activity. Some organizations are reluctant to implement monitoring, believing employees will view it as intrusive “big brother” behavior. Clearly this must be handled appropriately, but the benefits of insider monitoring – for both the organization and individual workers – vastly outweigh the drawbacks. According to IBM, an estimated 60 percent of breaches are the result of insiders, and proactive monitoring can be the key to eliminating or reducing these. Organizations should consider education and training that explains clearly to workers how such measures actually benefit them, through greater protection and risk insulation.
Be proactive and constantly analyze. The Ponemon Institute’s latest research shows 191 days – more than six months – as the average length of time it now takes organizations to identify a data breach. When a malicious insider is involved, this leaves that insider a substantial window of time to wreak havoc by misusing customer data before the organization is even aware anything is wrong. It is no longer acceptable to passively monitor network and database activity and block access when something doesn’t look right. Rather, organizations must proactively analyze user behavior and act upon the trends they see to stay ahead of potential incidents.
Get granular. One reason breaches are so damaging to customer satisfaction and brand reputation is that, in many cases, more customers are notified than may actually be necessary. When in doubt about exactly whose data was accessed, organizations tend to cast the widest net over all customers that may possibly have been impacted. This is especially true in a post-GDPR world, in which organizations are now required to report breaches within 72 hours. Achieving this granularity requires more than simply seeing insiders’ session durations; it requires understanding exactly how, when and what data was accessed. Perhaps a sensitive database was accessed, but only one section within it, as opposed to the whole thing. In the event an insider breach does happen, such granularity can greatly ease reporting and notification efforts while minimizing unnecessary collateral damage.
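The scoping step described above, as an added example that is not part of the original article: given row-level audit events, it separates customers whose records were provably accessed from those who must be notified only because an event was logged without row-level detail. The event layout, table names and customer IDs are constructed for illustration.

```python
from datetime import datetime

# Constructed audit events (not from a real system):
# (timestamp, user, table, customer_id or None when only table-level detail was logged)
EVENTS = [
    ("2024-03-01T09:12:00", "jdoe", "billing", "C1001"),
    ("2024-03-01T09:13:30", "jdoe", "billing", "C1002"),
    ("2024-03-01T09:14:10", "asmith", "billing", "C1003"),
    ("2024-03-02T22:40:00", "jdoe", "billing", "C1002"),
    ("2024-03-02T22:41:00", "jdoe", "support_notes", None),
    ("2024-04-15T08:00:00", "jdoe", "billing", "C1004"),
]

# Constructed table membership: which customers have rows in each table.
TABLE_CUSTOMERS = {
    "billing": {"C1001", "C1002", "C1003", "C1004", "C1005"},
    "support_notes": {"C1002", "C1005"},
}

def scope_exposure(events, table_customers, user, start, end):
    """Return (exact, widened): customers proven accessed at row level, and
    customers included only because an event lacked row-level detail."""
    exact, widened = set(), set()
    for ts, who, table, customer in events:
        when = datetime.fromisoformat(ts)
        if who != user or not (start <= when <= end):
            continue
        if customer is not None:
            exact.add(customer)
        else:
            # No row-level detail: every customer in the table must be assumed exposed.
            widened |= table_customers.get(table, set())
    return exact, widened - exact

def notification_report(events, table_customers, user, start, end):
    """Summarise who must be notified and why, versus the whole customer base."""
    exact, widened = scope_exposure(events, table_customers, user, start, end)
    everyone = set().union(*table_customers.values())
    return {
        "notify": sorted(exact | widened),
        "due_to_missing_detail": sorted(widened),
        "not_affected": sorted(everyone - exact - widened),
    }

if __name__ == "__main__":
    window = (datetime(2024, 3, 1), datetime(2024, 3, 31, 23, 59, 59))
    print(notification_report(EVENTS, TABLE_CUSTOMERS, "jdoe", *window))
```

The `due_to_missing_detail` entries show the cost of coarse logging: those customers are notified only because the audit trail cannot rule them out.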
Manage credentials. Many organizations fail to manage privileged insider user credentials properly, meaning that if a user’s job function changes and they no longer require access to a sensitive data set, that access is not always terminated. Instead, the user accrues access to more and more data as their job function evolves, even though such access may no longer be required. Even worse, Osterman Research recently found that 67 percent of organizations couldn’t be sure whether a former employee is still accessing corporate resources. Mismanaged credentials can create significant exposure risks that become exponentially harder to identify, address and contain once employees walk out the door.
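One way to run the access review described above, as an added example that is not part of the original article: it reconciles granted data-set access against an HR roster and per-role baselines to flag both leftover access after a role change and accounts that no longer belong to an active employee. All account names, roles, data sets and the data layout are constructed assumptions.

```python
# Constructed HR roster: account -> (employment status, current role).
ROSTER = {
    "jdoe": ("active", "support"),
    "asmith": ("active", "finance"),
    "bwong": ("terminated", "finance"),
}

# Constructed role baselines: the data sets each role currently needs.
ROLE_BASELINE = {
    "support": {"support_notes"},
    "finance": {"billing", "ledger"},
}

# Constructed grants, as they might be exported from an access-control system.
GRANTS = {
    "jdoe": {"support_notes", "billing"},  # moved from finance to support
    "asmith": {"billing", "ledger"},
    "bwong": {"billing"},                  # left the company
    "svc_old": {"ledger"},                 # no matching roster entry
}

def review_entitlements(roster, role_baseline, grants):
    """Return a list of (account, action, reason, data_sets) findings."""
    findings = []
    for account in sorted(grants):
        held = grants[account]
        status, role = roster.get(account, (None, None))
        if status != "active":
            # Former employee or unowned account: nothing it holds is justified.
            reason = f"status {status}" if status else "no roster entry"
            findings.append((account, "revoke_all", reason, sorted(held)))
            continue
        # Active user: anything beyond the current role's baseline is accrued access.
        excess = held - role_baseline.get(role, set())
        if excess:
            findings.append(
                (account, "revoke_excess", f"not needed for role {role}", sorted(excess))
            )
    return findings

if __name__ == "__main__":
    for finding in review_entitlements(ROSTER, ROLE_BASELINE, GRANTS):
        print(finding)
```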
Focus on where the most sensitive data lives. A typical enterprise has many data repositories spread throughout it. Determining which data sources need to be monitored for insider threats is essentially a matter of identifying where the most critical data resides. This is often systems of record like the mainframe. An estimated 80 percent of the world’s corporate data continues to reside on, or originates on, the mainframe, making it a prime target for malicious insiders.
Today’s threats to data privacy are always evolving, but one constant is the human element. Even the most seemingly rigorous data privacy initiative cannot be complete unless it addresses the insider threat. Organizations must be on the offensive, especially since these particular threats, unlike those from the outside, are more preventable.