The definition of insider threats is as broad as the risks it represents. While insider threats may originate from negligent or malicious employees, they can also be external cybercriminals who bypassed perimeter controls using a compromised user account. Whatever the source or motivation, insider threat risk is on the rise, according to research by Forrester.
Insider threats can be difficult to identify or prevent since they are often invisible to perimeter security solutions like firewalls and intrusion detection systems. Activity performed through an authorized login typically isn’t flagged as abnormal behavior. Multi-factor authentication (MFA) helps against a cybercriminal using stolen credentials, but isn’t a panacea across all use cases.
We’ve written recently about how insider threats can drive better data protection strategies. We’ve also written about the cost of insider threats and how it is growing significantly year after year. According to Forrester, less than 30% of firms say they have an insider risk management strategy or policy.
Many organizations hesitate to restrict data access due to the impact on business objectives. Delivering security to your organization doesn’t require locking down your data to the point it’s unusable. A data-centered security approach forms the necessary foundation to protect against insider threats while keeping the data accessible.
“There is nothing constant but change”
This paraphrased quote, often attributed to Greek philosopher Heraclitus (544 BC – 483 BC), sums up most of our business environments. Organizations are wrestling with cloud migration projects, new applications, and users with legitimate access to data. Together they represent a moving target for security.
The journey to the cloud diverts attention from users, permissions, and data
- As organizations rapidly consume cloud resources, they can lose track of what sensitive data is stored there and who has access to it.
- According to an Oracle/KPMG report, 92% of IT and security professionals surveyed said their companies have a “cloud security readiness gap” between their current and planned cloud usage and the maturity of their cloud security programs.
More applications and more automation = more paths to data
- Organizations are striving for operational efficiency through automation, which can also open more paths for malicious activity against data.
- Firms struggle with security solutions that don’t scale to the growing number of applications and the exponential growth of data found in most organizations.
Accounts represent legitimate access to data, making it difficult to identify risky behavior
- Internal users have legitimate access to business information; cybercriminals abuse credentials of existing accounts to bypass access controls.
- MITRE lists valid accounts as a sub-technique for initial access and privilege escalation tactics.
How you can reduce risk from insider threats
The foundation of insider threat detection is education and the discovery of anomalous behavior. Organizations need continuous visibility and automation to reduce risk from privileged data access and to empower incident response teams to mitigate threats efficiently.
To start, focus on security best practices. Ensure employees don’t share passwords – either internally or, worse, externally – and log out of environments that contain sensitive data when they finish working.
Gaining visibility across your data repositories is the critical next step. Analytics tools like Imperva Data Risk Analytics can help you establish a baseline for normal data access activity. They automatically detect, analyze, and alert the security team to potential insider threats. You’ll be able to proactively and predictively monitor user permissions and privilege levels for access to sensitive data. If a user’s job does not require access to specific sensitive data, you can deny it in real time.
You’ll also be able to accurately prioritize high-risk incidents and eliminate false positives. This profoundly reduces manual effort, closes skills gaps, and makes security and governance teams more effective across departments. Overall, you’ll gain simpler, more effective enterprise-wide data protection while reducing the complexity and cost of managing data security across your enterprise.
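The baseline-then-detect approach described above, reduced to its essentials as an added illustration (this is not Imperva’s code): a per-account profile is built from a window of constructed database audit records, new access events are scored against that profile for first-time access to a sensitive table, off-hours activity and bulk reads, and only events above a threshold surface, highest risk first. The record layout, the sensitive-table classification and the scoring weights are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median
# Constructed sample audit records (user, ISO timestamp, table, rows returned); not real data.
BASELINE_LOG = [
    ("alice", "2024-03-04T09:12:00", "orders", 120),
    ("alice", "2024-03-05T10:40:00", "orders", 95),
    ("alice", "2024-03-06T14:05:00", "customers", 40),
    ("bob", "2024-03-04T08:50:00", "payroll", 30),
    ("bob", "2024-03-05T09:10:00", "payroll", 28),
]
NEW_EVENTS = [  # constructed events to score against the baseline
    ("alice", "2024-03-07T11:00:00", "orders", 110),
    ("alice", "2024-03-07T02:30:00", "patient_records", 5000),
    ("carol", "2024-03-07T09:30:00", "customers", 20),
]
SENSITIVE = {"customers", "payroll", "patient_records"}  # assumed data classification

def build_baseline(log):
    # Per-account profile of normal access: tables touched, working hours, row counts.
    profile = defaultdict(lambda: {"tables": set(), "hours": set(), "rows": []})
    for user, ts, table, rows in log:
        profile[user]["tables"].add(table)
        profile[user]["hours"].add(datetime.fromisoformat(ts).hour)
        profile[user]["rows"].append(rows)
    return profile

def score_event(profile, event):
    # Return (risk score, reasons) for one access event measured against the account's baseline.
    user, ts, table, rows = event
    p = profile.get(user)
    if p is None:
        return 5, ["no baseline for account"]  # valid-looking account never seen before
    score, reasons = 0, []
    if table not in p["tables"]:  # access outside the account's established footprint
        score += 3 if table in SENSITIVE else 1
        reasons.append(f"first access to {table}")
    if not min(p["hours"]) <= datetime.fromisoformat(ts).hour <= max(p["hours"]):
        score += 2
        reasons.append(f"off-hours access at {ts[11:16]}")
    if rows > 5 * median(p["rows"]):  # bulk read well beyond this account's norm
        score += 2
        reasons.append(f"volume spike: {rows} rows vs median {median(p['rows'])}")
    return score, reasons

def triage(profile, events, threshold=3):
    # Score everything, keep only events at or above threshold, highest risk first.
    scored = [(*score_event(profile, e), e[0], e[2]) for e in events]
    return sorted((s for s in scored if s[0] >= threshold), reverse=True)
```

Run `triage(build_baseline(BASELINE_LOG), NEW_EVENTS)`: alice’s routine read of `orders` scores 0 and is dropped, her 02:30 bulk read of `patient_records` scores 7, and the never-seen account `carol` scores 5.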
Reduce the risk of insider threats using Imperva data security
A solution that enables visibility at the data layer gives you the capacity to proactively manage risk and detect constantly changing threats, and provides the foundation for a comprehensive data protection strategy. Your team should be able to see all the data on a single, unified platform and – as new data sources are added – your solution should be able to scale up to onboard them no matter where that data resides.
In addition to creating cost savings from dramatically improved insider (and outsider) threat mitigation, a comprehensive data protection strategy will improve the alignment of teams within your enterprise, reduce negative brand impact, and drive better security culture within your enterprise.
To learn more about Imperva’s approach to data protection or if you have questions about the report, please contact your Imperva Account Representative.
Imperva Data Security Fabric (DSF) provides centralized data security across legacy and modern cloud environments by automating detection, protection, and risk response for all data across multicloud and hybrid environments. Imperva DSF makes it easier for customers to understand and mitigate data risk at every step of their security journey across structured, semi-structured, and unstructured data.