observeit - unintentional insider threat featuring dr. eric cole

UNINTENTIONAL INSIDER THREAT: Top Employee Security Mistakes That Put Your Data at Risk by Dr. Eric Cole [email protected] www.secureanchor.com Secure Anchor is All Cyber Defense, All of the Time. PREVENT – DETECT - RESPOND

Upload: observeit

Post on 15-Apr-2017


TRANSCRIPT

UNINTENTIONAL INSIDER THREAT: Top Employee Security Mistakes That Put Your Data at Risk

by Dr. Eric Cole

[email protected] | www.secureanchor.com

Secure Anchor is All Cyber Defense, All of the Time. PREVENT - DETECT - RESPOND

Insiders Are Responsible for 90% of Security Incidents*

Malicious: fraud/data theft, inappropriate access, disgruntled employee
Unintentional: misuse of systems, log-in/log-out failures, cloud storage

(Chart splits incidents 71% / 29% between the two categories.)

* Verizon 2015 Data Breach Investigations Report; Kaspersky Lab 2016 Security Risks Special Report

Are You Focused on the Correct Area?

Nature of Insider Threat

Two main forms of insider threat:
- Deliberate/malicious insider
- Accidental/unintentional insider

Why do insiders become targets? As external targets become more difficult, attackers find insiders are an easier avenue to compromise.

The real threat and biggest risk to confidential data is the negligent employee, more commonly categorized as the unintentional insider threat.

All It Takes Is One Click

From an endpoint security perspective, the two most dangerous applications on the planet are email and web browsers.

Insider Threat Current State

- Insider threats are on IT's radar
- Spending on insider threats will increase
- The financial impact is significant
- Organizations fail to focus on solutions
- Insider threat is often the cause of damage
- Prevention is more a state of mind than a reality

Assessing Vulnerability to Insiders

- What information would an adversary target?
- What systems contain the information that attackers would target?
- Who has access to critical information?
- What would be the easiest way to compromise an insider?
- What measures or solutions can IT use to prevent/detect these attacks?
- Does our current budget appropriately address insider threats?
- What would a security roadmap that includes insider threats look like for our organization?

How well is your organization doing with insider threats? Write your organization's report card and focus on the lowest-scoring areas.

*** Findings from a recent survey on Insider Threat

How to Effectively Manage Insider Threats

Having Clear Visibility into Employee Actions is Critical.

Lifecycle:

Proactive
- Educate: notify employees of company policy
- Deter: warn that out-of-policy actions will be recorded and reviewed

Reactive
- Detect: get a stack-ranked view of the riskiest users
- Investigate: rapidly discern malicious from benign actions

Having Clear Visibility into Employee Actions is Critical

Log files are not the answer:
- Too much data to interpret
- Time and manpower to understand
- Can only infer conclusions

User activity recording is key:
- Instantly understandable by anyone
- Irrefutable evidence of user actions

Educate

Notify employees of company policy violations in real time and in context: inform employees of potential policy violations as they occur.

A proven approach to cutting the number of security incidents in half.

Deter

Show warnings that out-of-policy behavior will be recorded and reviewed:
- Warn users against proceeding with dangerous or out-of-policy activities
- Warn that policy violations will be recorded and reviewed

Malicious users are 80% less likely to continue.

Detect

Easy and intuitive, user-centric view: discover the riskiest users and gain deep visibility into their present and past.

Streamlined incident response: investigate a handful of risky users instead of thousands of tedious false alerts/discrete events.

(Diagram labels: data exfiltration, tipping point, capture and hide data.)

Investigate

Video session replay provides context to rapidly discern malicious from benign actions.

Accelerate investigations from weeks/months to minutes/hours.
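An added example (not ObserveIT's code nor the author's) of the Detect and Investigate stages above: constructed user-activity records are scored per user so that the capture, hide and exfiltrate chain rises to the top of a stack-ranked list, and a responder replays a handful of sessions instead of triaging every discrete event. The event weights, chain bonus, share paths and cloud hosts are assumptions.

```python
from collections import defaultdict

# Constructed sample user-activity records (not real ObserveIT output):
# (time, user, action, detail)
ACTIVITY = [
    ("09:02", "alice", "open_file", r"\\fileshare\finance\q3_forecast.xlsx"),
    ("09:05", "alice", "copy_file", r"\\fileshare\finance\q3_forecast.xlsx -> C:\tmp\f.xlsx"),
    ("09:06", "alice", "archive", r"C:\tmp\f.xlsx -> C:\tmp\photos.zip"),
    ("09:10", "alice", "upload", "https://drive.example.com/upload photos.zip"),
    ("10:15", "bob", "open_file", r"\\fileshare\finance\q3_forecast.xlsx"),
    ("11:40", "carol", "upload", "https://drive.example.com/upload notes.txt"),
    ("13:00", "dave", "usb_write", r"E:\backup.zip"),
]

SENSITIVE_SHARES = (r"\\fileshare\finance", r"\\fileshare\hr")  # assumed
PERSONAL_CLOUD = ("drive.example.com", "dropbox.com")            # assumed

# Hypothetical weights for out-of-policy events. Opening a sensitive file is
# normal work and scores nothing; copying it out, hiding it and moving it off
# the endpoint are the "tipping point" steps the slides describe.
WEIGHTS = {"copy_sensitive": 3, "archive": 2, "cloud_upload": 4, "usb_write": 4}
CHAIN_BONUS = 10  # one user completed capture -> hide -> exfiltrate

def classify(action, detail):
    # Map a raw event to an out-of-policy category, or None if benign.
    if action == "copy_file" and detail.startswith(SENSITIVE_SHARES):
        return "copy_sensitive"
    if action == "archive":
        return "archive"
    if action == "upload" and any(host in detail for host in PERSONAL_CLOUD):
        return "cloud_upload"
    if action == "usb_write":
        return "usb_write"
    return None

def rank_users(records):
    # Return [(user, score)] riskiest first; users with only benign events are omitted.
    scores, stages = defaultdict(int), defaultdict(set)
    for _, user, action, detail in records:
        tag = classify(action, detail)
        if tag is None:
            continue
        scores[user] += WEIGHTS[tag]
        stages[user].add(tag)
    for user, seen in stages.items():
        if {"copy_sensitive", "archive"} <= seen and seen & {"cloud_upload", "usb_write"}:
            scores[user] += CHAIN_BONUS
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
```

Only alice completes the full chain, so she outranks the single-event uploaders, and bob's ordinary read of the same file never appears in the list at all.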

Typical Deployment

- Doesn't impact stability of the machine
- Scalable beyond thousands of devices
* ObserveIT is not kernel-based; it runs at user-mode level.

(Diagram: Agents (* offline mode enabled) -> Switch -> HTTP traffic -> ObserveIT Application Server -> SQL traffic -> Database Server; the ObserveIT Admin uses the ObserveIT Web Console.)

The Benefits of Addressing the Insider Threat

Quicker resolution and enforcement of company policies, which creates a more secure and compliant environment around your protected information:
- A steep decline in the number of inappropriate accesses
- A reduction in the amount of time spent detecting and investigating incidents
- A heightened awareness of security throughout the organization
- A dramatic shift in the culture of security and compliance
- More efficient compliance with regulatory requirements
- Achievement of security goals with no additional staff resources

ObserveIT Delivers Instant ROI: Reducing Security Incidents

(Chart: incidents, 0 to 1,000, plotted against the stages Educate, Deter, Detect and Investigate.)

- Educate: notify employees of company policy
- Deter: warn that policy violations and their actions will be recorded and reviewed
- Detect: get a stack-ranked view of the riskiest users
- Investigate: rapidly discern malicious from benign actions

Fact: Your Authorized Users Represent Your Greatest Risk!

Insider threats are far more difficult to detect and prevent than external attacks. (Insider Threat Report)

75% of insider threats go unnoticed. (CERT Insider Threat Center)

Insider threats are twice as costly and damaging as external threats. (CERT Insider Threat Center)

Attack Detection (chart, months to detect): insider attacks 32 months; external attacks 6 months.

Conclusion

- Perform damage assessment of threats
- Map past and current investment against threats
- Determine exposure to insider threats
- Create attack models to identify exposures
- Identify root-cause vulnerabilities
- Block and remove the vector of the attack
- Control flow of inbound delivery methods
- Filter on executables, mail and web links
- Monitor and look for anomalies in outbound activity