Geoff Webb, vice president of strategy at Micro Focus, said the single most important thing enterprises can do is to reduce the access that insiders have to sensitive data. “Many organizations struggle to adequately manage who has access to data, even highly sensitive data, mostly because of the complexities of the modern workforce, the role of many outsiders, the rate at which information flows, and the effects of privilege creep over time for long-time employees.”
Beyond reducing the level of access that employees have, enterprises should enforce good governance practices in which responsibility for reviewing and certifying who has access is placed squarely with the line-of-business managers who manage that data source, he said.
“Enterprises should monitor activity around access to sensitive or valuable data, looking for anomalous behavior that might indicate that an insider is either improperly accessing that data, or as is often the case, that an outsider is successfully impersonating a privileged user after stealing their credentials,” Webb said. “Like all good security, detering insider threats requires a multi-layered approach. The good news is that it is often the most basic steps that provide the greatest value, and being systematic and thorough provides huge benefits in protecting sensitive data.”
An insider policy needs to be enforceable through the right technologies, for example, implementing user activity monitoring for finance and HR departments can help detect and prevent their ability to abuse access to sensitive information, said Shawn Burke, Global CSO at Sungard Availability Services.” Organizations should also perform routine security awareness and information governance training. Such training ensures employees are well advised of incident response protocol and encouraged to be proactive in reporting suspicious activity.”
The other common thread throughout the security pros interviewed was that security awareness training is key for employees to help spot the insider threat.
Javvad Malik, security advocate at AlienVault, said user awareness and education should be made widely available and repeated. This includes reminding what is or isn’t acceptable behavior, what the risks are and how to report a suspected breach.
“Line managers should also receive training in providing regular reminders to staff as well as remaining vigilant to spot any untoward behavior,” Malik said.
The biggest factor to deter insider risks is to give ongoing security awareness training to all employees, said Scottie Cole, network and security administrator at AppRiver. “This trains employees on what is expected of them and provides them the signs to identify a risk. Insider risk teams should also have ongoing assessments and auditing of company assets can help identify risks that would otherwise be ignored.”
Dottie Schindlinger, governance technology evangelist at Diligent, said training should supplement the current security training already done at the organization. The insider risk team can take a lead role in evaluating security-focused software tools that help identify and deter insider threats, and provide security for sensitive information -- especially information that is shared with external parties, such as board documents being sent to outside directors.
Sign up for CIO Asia eNewsletters.