Visibility is key to tackling insider threat and data breaches
Sudhakar Ramakrishna, CEO of Pulse Secure
There's a lot of weight given to external threats that cause data breaches and not enough to the insider threats which is a very real issue. Whether it's a disgruntled employee, a malicious employee, an opportunistic employee, or even an employee under pressure from a criminal organisation, the data breach will have the same consequences for the organisation - fines to pay and a bad reputation to overcome.
One of the reasons cyber breaches dominate the headlines is because the hackers release what they've stolen onto the black market or hacker groups release statements about their achievements. In short, they get the column inches because we know it's happened. With insider threats, whether they are malicious or not, we often simply don't ever find out about them. As a result, they don't get talked about as much and they're perceived, wrongly, as a lesser or at least a less frequently successful threat but insider threats are very real - you only have to look at the recent Mossack Fonseca breach to understand the risk.
So how can organisations protect against insider threats?
The first thing that organisations need to understand is that it's not just full time employees that can get access to the network - it's also contractors and guests. It's completely normal for a visitor to request and expect access to your Wi-Fi network while contractors will have even more access. Any one of these can represent an insider threat.
The second thing organisations should consider is what these people are accessing on the network and from where. BYOD and remote working is now the norm within most businesses so organisations have to secure their data while allowing access to it from various different locations and from an array of devices with different operating systems.
Then, organisations need to implement policies and technology solutions that clearly define and regulate network access for employees, contractors and guests whilst taking into consideration where and what devices they may be logging in from - a Network Access Control (NAC) solution is what's required.
Organisations should be looking for NAC solutions that can detect the user, role, device, location, time, network and application and enforce very granular access policies and of course, trigger an alarm if any unusual behaviour is detected. A solution that can take all these factors into account can ultimately red flag an insider threat in action and prevent the unauthorised network, application, or data access before the insider's device connects to the enterprise network via VPN or Wi-Fi. Not only does this protect the corporate network from the insider threat, it also protects the network from infected devices even if they were not infected maliciously. It also ensures only authorised workers have access to the different enterprise resources they need to complete their job. And of course solutions that capture who was logged in to what part of the network and what they've tried to access is incredibly useful intelligence to have during and after a breach.
NAC solutions also need to be compliant, easy-to-use and to easy-to-deploy, scalable and adaptable, and ideally be vendor agnostic.
Choosing a NAC solution that adheres to the toughest government standards with FIPS 140-2 compliance and a Common Criteria assurance level of EAL3+ will future-proof your technology. It's also important to find a solution that employees don't find cumbersome or difficult to use; the result will be unhappy and unproductive workers. Scalability and adaptability should also be considerations because work styles evolve and new technologies are always emerging. Solutions that are vendor-agnostic will often be easier to deploy and manage in the short and long term as they will be compatible with existing systems and technologies.
Finally, a NAC solution with one central management console will give end-to-end visibility of who is accessing data, from which device and from what location. We are a long way off preventing every single data breach but this kind of visibility is exactly the type of help an IT security team needs to win the war and protect their organisation against data breaches.