10 Jul
The new security frontier: the insider
Businesses are under siege. While security has been a constant concern for companies since they started using the Internet to connect to the outside world, today’s proliferation of connected devices, distributed networks and increasingly militant cyber criminals has placed security front and centre for any organisation wanting to remain in business.
Add to this the fact that even small companies are falling prey to hackers and thieves, and that legislation such as the Protection of Personal Information Act is placing increasing pressure on businesses to ensure their data remains secure, and it’s no wonder that reports put South African businesses’ losses to cybercrime at an estimated R5.8bn.
However, while companies are investing time and money in ensuring that no breaches from outside the organisation occur, many are still disregarding the threat level posed by insiders. John Mc Loughlin, MD of J2 Software, says that losses caused by negligence – never mind malicious intent – can add up quickly, and that no security solution is therefore complete without the ability to identify and prevent internal data loss.
“In today’s mobile business world, employees rely on the ability to access company data on multiple devices at any given moment. While much has been made of securing the network in light of the Bring Your Own Device (BYOD) trend, and of ensuring that the devices can be locked down when needed, not enough focus is placed on the movement of data, or on the people who use it,” he says.
“It is becoming increasingly apparent that as security becomes more complex, the insider will become an even larger threat. Whether through cyber criminals approaching company insiders to gain access to the business, or through negligent employees losing a portable device or memory stick, protecting against breaches at the endpoint has never been more important.”
He adds that many security products concentrate on identifying attacks, but few are capable of monitoring endpoints for all signs of insider threats. This can be achieved by monitoring behaviour, not just access to data, and continuous monitoring is therefore essential.
“Too many security solutions fail because they neglect history, trends, and context as part of the bigger picture. It’s easy to keep an eye out for people who are obviously up to no good when they access systems they shouldn’t be accessing, but it’s a lot harder to pinpoint the individual who is stealing data that they need to perform their job,” says Mc Loughlin. “Continuous monitoring of employee behaviour is therefore necessary in order to build up a context-based profile that will allow the identification of suspicious changes in that behaviour.”
According to Mc Loughlin, solutions such as those developed by Dtex Systems are at the cutting edge of the fight against the insider threat through the use of sophisticated technology to enable just such monitoring. The company, which has been profiled by publications such as The Wall Street Journal, is utilising machine learning to allow its software to be agile enough to pinpoint behavioural changes.
“Until recently, software was reliant on how it was programmed to drive what it would do. Machine learning allows it to learn and adapt, enabling not only analysis of behaviour, but the ability to study that behaviour in order to flag changes in the typical profile developed. This is the next frontier of security. As companies get harder to breach, the insider will be the entry- and exit-point for security holes, and businesses that ignore the insider threat will continue to suffer huge losses.”