Mark Rodbert, CEO at idax Software, argues that good security starts with implementing software to manage access rights.
It seems that the peak of data breaches is upon us, with a different story hitting the headlines everyday – although I’ve been saying that every year since 2015.
When imagining where the threat is coming from, most people picture a hooded hacker in a dark room, or a state-sponsored covert operation.
As a consequence, most organisations are focussing their defence on implementing solutions to prevent intruders from getting in, relying heavily on solutions such as firewalls or antivirus protection.
But what about the people who are already in and pose a threat to the internal security of the organisation?
Also of interest: Top 10 cyber threats that your business needs to know
Internal threats taking a turn for the worse
It turns out that the real threat lies a lot closer to home, with sixty six percent of organisations considering malicious insider attacks or accidental breaches more likely than external attacks.
Whether they are the result of bad actors attempting to sell on sensitive company data, collusion or unwitting accomplices using a work laptop on Starbucks wifi, most breaches are simply a matter of access and opportunity.
Ultimately the outcome is the same, whether the intent is malicious or not. But, if we can identify who has access to what data and applications, and which of these are out of the ordinary, maybe there is a way to prevent internal threats after all
Clearly, external threat is still a priority for businesses and it’s no surprise with many well-known enterprise businesses like T-Mobile, Facebook and Google all facing damaging external cyber breaches last year.
Yet this should not distract companies from the internal threat, which can be just as damaging – a reported ninety percent of organisations feeling vulnerable to insider threat, and the majority of employees have access to data they shouldn’t.
However, an insider threat becomes an external threat when compromised access is used by unscrupulous attackers. By tightening up internal security vigilance, controls and access processes, external hackers will find it harder to break through and entice staff with a phishing email.
Also of interest: The role of the threat hunter: what is it and why it matters
Access management on the front lines
So what can businesses do to start building their cyber defence to insider threat? Unfortunately the answer is not as easy as simply implementing a new security system or process. Companies need to recognise the need for a cultural shift and change in attitude, to the point where everybody in the organisation understands that cyber security is their responsibility.
In order to change the culture around protecting assets, organisations need to make everyone from the CEO to the person on the door feel responsible, involved, and empowered, putting employees at the front of the fight. This requires building tools not just for the IT security department available and but targeted at the whole organisation.
However, we are discussing a transformational change which won’t take place overnight, but over a significant period so that each individual comes to recognise the part they play.
The first phase of this is access management being the job of specific security teams. The issue here is that employees feel as though security is a job for the security or IT team, and has nothing to do with them.
The next phase, which is becoming increasingly widespread among organisations, is steering away from having just the security team deal with all things security, and are instead putting line managers in charge of access rights.
Currently, this often involves the line manager having to deal with a highly complicated, confusing spreadsheet of access details, with no context or explanation about what in the list refers to what data, and what files are required for a role.
Moreover, the risk with reviewing access to assets is asymmetric. If access to something that an employee does need is taken away, there is a very high chance of a small issue. However, if somebody keeps access to something they shouldn’t have, there is a very small chance of a huge breach. Human beings need help comparing these risks.
In the long run – the eventual third phase of this shift – companies can look to become part of the security revolution that will see everyone in a company self-certificating their own access rights, with oversight and ultimate approval from line managers. With an engaging, end-user- friendly UI, employees are encouraged to take responsibility of their own actions and aim to be as secure as possible.
2019 is looking like it may be the year for organisations to finally take a step back – or in fact step up – and analyse their own internal security measures. Internal threat is and always has been overlooked as a significant cyber threat.
Why wait any longer to crack down on your internal security? By implementing a software to manage access rights, employers can start their journey to change company culture towards security immediately.