Breach Detection

Many businesses are starting to understand that the biggest concern for their business lies right under their noses: their own employees.

According to a new study conducted by Cybersecurity Insiders, over half of organizations (53%) have confirmed an insider attack within the last 12 months. The group polled 400,000 people for its 2018 Insider Threat Report and found that ninety percent of businesses feel they are vulnerable to an insider attack.

While many organizations focus on potentially malicious insiders, those intentionally looking to do harm to an organization, it’s much more common for employees to partake in accidental or negligent activity. Nevertheless, insider threat detection is a top focus for 64% of companies, followed by deterrence methods (58%), and analysis and post-breach forensics (49%).

An article on Dark Reading describes these 5 red flags and best practices to help your organization determine when an insider threat is happening and what you can do to protect against it.

1. Unauthorized Data Access

Reports by Cybersecurity Insiders have found that the top enabling risk factor for insider threats is too many users with access privileges (37%), followed by the increased number of devices with access to sensitive data (36%), and greater complexity of IT (35%). The good news is that organizations across the spectrum are investing in protective measures with Intrusion Detection and Prevention Systems (63%), log management (62%), SIEM systems (51%), and predictive analytics (40%).

The tools your organization invests in will depend on the size of your business, but storing valuable data in a subnet is recommended as a start. With these basic monitoring and security tools in place, you’ll start to notice when an authorized person repeatedly tries to gain access.

2. Suspicious Activity

Behavioral monitoring tools have advanced over the last several years. They work by building a profile of each individual and flagging any activity that deviates from that person's typical behavior. Data indicates that 94% of companies use tools to detect anomalous behavior, compared to 48% from just last year. Almost half (44%) employ User Activity Monitoring and 42% use server logs for managing user behavior.
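As an added illustration (not from the Dark Reading article or from NNT), the sketch below builds a per-user profile from constructed access events, then flags deviations from it along with repeated denied attempts against a subnet holding valuable data, covering the monitoring described in sections 1 and 2. The users, log fields, subnet and threshold are all assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample events (assumed fields): user, hour of day, destination IP, outcome
BASELINE = [
    ("alice", 9, "10.10.20.5", "ok"), ("alice", 10, "10.10.20.5", "ok"),
    ("alice", 14, "10.10.20.7", "ok"), ("alice", 16, "10.10.20.5", "ok"),
    ("bob", 8, "10.10.50.12", "ok"), ("bob", 11, "10.10.50.12", "ok"),
    ("bob", 15, "10.10.50.12", "ok"),
]
TODAY = [
    ("alice", 10, "10.10.20.5", "ok"), ("bob", 9, "10.10.50.12", "ok"),
] + [("alice", 23, "10.10.50.12", "denied")] * 3
SENSITIVE_SUBNET = ipaddress.ip_network("10.10.50.0/24")  # assumed home of valuable data
DENIED_THRESHOLD = 3  # assumed: denied attempts per user before alerting


def build_profiles(events):
    """Per-user profile: destinations used and hours of day normally active."""
    profiles = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for user, hour, dest, _ in events:
        profiles[user]["hosts"].add(dest)
        profiles[user]["hours"].add(hour)
    return profiles


def detect(profiles, events):
    """Return sorted (user, reason) alerts: profile deviations and repeated denials."""
    alerts, denied = set(), Counter()
    for user, hour, dest, outcome in events:
        prof = profiles.get(user)
        if prof is None:  # nothing to compare against: surface it for review
            alerts.add((user, "no baseline"))
            continue
        if dest not in prof["hosts"]:
            alerts.add((user, f"new destination {dest}"))
        if not min(prof["hours"]) <= hour <= max(prof["hours"]):
            alerts.add((user, f"unusual hour {hour}"))
        if outcome == "denied" and ipaddress.ip_address(dest) in SENSITIVE_SUBNET:
            denied[user] += 1
    for user, count in denied.items():
        if count >= DENIED_THRESHOLD:
            alerts.add((user, f"{count} denied attempts on sensitive subnet"))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect(build_profiles(BASELINE), TODAY):
        print(alert)
```

Bob's access to the same subnet raises nothing because it matches his profile, which is the point of baselining per individual rather than per resource.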

3. Non-Technical Cues

Employees who are sloppy and careless about their work could represent a big security risk. Careless employees could harbor malicious intent and cause harm purposefully, but they could also be the starting point for unintentional data leaks. Sloppy behavior could lead to accidental information sharing. If an employee consistently makes mistakes like accidentally emailing or posting data, it’s time for some serious security training or a new hire.

4. Know Where Your ‘Cool Data’ Resides

Protecting your most valuable information starts with knowing what it looks like. Understand what data cannot leave the organization, who’s allowed access to that data, and what kind of policies are in place to protect that data.

5. Create an Incident Response Plan

While it’s common today for organizations to have an IRP for handling an external breach, not many have the same plan in place for an insider attack. Insider threats should be treated with the same seriousness as an external breach, as they can cause just as much damage.

 

Read the article on Dark Reading