2017 brought a deluge of ransomware attacks and data breaches that made headlines around the world. From the classroom to the boardroom, cybercriminals made their presence known. But in 2018, companies must also turn their attention to the rapidly growing presence of insider threats.
In my recent conversations with security professionals, the discussion has moved beyond debating what potential harm insiders could cause, to actually preparing for ways to detect and respond to security incidents.
Many organizations still believe the definition of an insider threat to be along the lines of a disgruntled employee who goes rogue, or one who sells company data and information on the Dark Web. And while these definitions still hold true, we must also prepare for many additional iterations of the insider threat.
Most recently, my colleague Richard Henderson elaborated on the many faces of insider threats, noting that in many cases, these threats were not malicious in nature. Overlooking security controls on cloud sharing services, unknowingly joining hostile Wi-Fi networks, and leaving workstations unlocked all qualify as threats. To err is to be human, and mistakes happen. But while employees may not act maliciously, these actions pose serious and real risks. In fact, we know that up to 43% of all data breaches are the result of insiders either inadvertently or maliciously putting data at risk.
Insider threats will continue to evolve in 2018, and companies will need to outpace this evolution in order to protect against and mitigate these threats. This will require a robust and evolved security strategy, but at a basic level, companies need to gain visibility into their endpoint devices. It is also critical to identify potential compliance and regulatory violations, and for companies to be on alert to the movement or storage of important data, whether it be customer or proprietary data. Knowing what important information exists on your company’s endpoints allows you to better quantify, and qualify, the risks inside your organization.
If the best offense is a good defense, then ensuring visibility and protection of your endpoints should be priority number one. At Absolute, we use our position embedded in the firmware of over one billion devices to help give visibility into and control over your important data assets. Our data at-risk discovery tools give you the ability to scan endpoints for sensitive files and remotely protect or remove them from the identified endpoints before they can be exfiltrated to external storage devices or to the cloud. Our Insider Threat Prevention solutions also help you see all endpoints on and off the corporate network, remotely delete sensitive data on compromised devices, self-heal corrupt applications and understand the risk posed by users.
For more information on how to mitigate the risk of insiders, check out our whitepaper: The Enemy Within – Insiders Are Still the Weakest Link in Your Data Security Chain.