Strengthen Security by Addressing Insider Risk

By: Aseem Rastogi | 29 Mar 2019

The number of catastrophic cyber-attacks is surging and is likely to get worse. These malicious, deliberate attacks can come from individuals or organizations trying to benefit from vulnerable business systems. Organizations can construct walls, set up perimeter protection, and spend enormous resources maintaining it all. However, if the enemy is within the organization, that wall is not good enough. According to the Ponemon Institute, 48% of cloud data breaches are the outcome of insiders deliberately or accidentally exposing data from a cloud service. The Information Security Forum puts that number at 54%. Whatever the exact figure, attacks from insiders are a real threat.

Malicious data breaches (61%) are among the critical insider threats organizations are most concerned about, alongside negligent data breaches and inadvertent data breaches. Because malicious threats are planned, it is extremely important to foresee and anticipate them where possible.

Insider Threat Data Breaches

Combating Insider Threats – A Different Battle

As cloud services are built to be accessed anytime, anywhere and from any device for easy collaboration and data sharing, the risk of accidental or intentional exposure of sensitive data is real. Organizations often struggle to detect anomalous or careless employee behaviour in cloud-based IT environments.

Take the recent case of an organization’s vengeful sacked employee who rampaged through his former colleague’s AWS accounts, shut down 23 servers, and triggered a wave of redundancies.

Protecting your organization from insider threats is a different battle because they are hard to identify and stop, so it should be fought with an organized approach. The right approach is to put controls in place that minimize users' risky activities and to spot suspicious behavior that indicates malicious insiders.

CloudOptics – Changing the Data Protection Approach for Insider Threats

Addressing the insider threat starts with gaining visibility into the activities of the users in the cloud. After understanding the cloud services in use and how they are being used, the next crucial step is to set the controls in place to minimize the risky cloud activities and detect suspicious behavior that could indicate a malicious insider.

Insider Threat Prevention

CloudOptics provides unprecedented visibility and enforces change control instead of the conventional change management process. The CloudOptics solution:

  • Enables defining permissions according to business needs. Its flexible, automated controls offer role-based access to sensitive information and apply specific controls based on the user action.
  • Provides a nodal point for making cloud changes. Consequently, IT managers can enforce control via CloudOptics and prevent changes to sensitive cloud infrastructure elements.
  • Monitors and controls privileged asset action