The Cybersecurity Battleground
Preparing for the War against Insider Threats
By Alan Kessler, CEO, Vormetric
You know that bad hacker movie, in which a company’s credentials were compromised
because a disgruntled employee clicked on a link with dancing cats? This just isn’t reality. In
fact, recent reports from Ovum and ESG found that both American and European
organizations reported that “privileged users,” meaning admins and network specialists,
pose the biggest threat because their compromised accounts can cause the most
destruction. The result may not be as severe as Snowden’s revelations, but recent evidence
proves that privileged users are as dangerous as traditional malicious insiders and can
expose companies to data breaches, financial loss and reputational harm.
There is no rulebook that will tell us how insiders will behave
The number of insiders with credentials who can view and modify data across corporate
networks (i.e. contractors, system engineers, network administrators and ordinary users) has
exploded. When abused, these access credentials can be used as a way for insiders to
infiltrate lucrative corporate networks. In the case of external attacks, this is often done with
such stealth that infiltration goes undiscovered for long periods of time. It’s no wonder that so
many people seem daunted at the prospect of managing this multi-faceted risk.
This year has seen example after example of damaging cyber-attacks against large
organizations, sophisticated threats that bypass traditional security defenses and leverage
compromised insider credentials. While not the most complex attack, the Target data breach
remains anchored in top headlines, and over a year after Snowden’s first revelations, NSA
officials have told the press that his haul may have been as large as 1.7 million documents.
While these security incidents vary in terms of scale and impact, they all highlight that
organizations are continuing to fight and are attempting to defend against threats that lie within.
Good news: There’s a silver lining
Though the perimeter provides a necessary starting point in today’s world of increasingly
diverse and complex threats, a vital way to defend critical assets as threats begin to target
the real treasure troves within organizations – the server – is to take a data-centric approach
to security. This involves implementing encryption and access policies to limit exposure, and
monitoring access to identify anomalous user activity.
Let’s look at our options
Though over half of respondents to the recent Ovum report said their biggest concern is
everyday users, CISOs are currently spending as much as 80 percent of their security
budgets on perimeter and endpoint defense. When it comes to limiting insider threats, most
organizations tend to believe that enhancing their existing network defenses and endpoint
protections are the best ways to approach the problem, but reports from Mandiant and
Verizon this year highlight that these defenses are being bypassed by today’s attacks.
Cyber Warnings E-Magazine – August 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide