Infosecurity Europe 2016, Europe’s number one information security event, took place in London, 7–9 June 2016. Cybercrimes, ransomware, and insider threat detection were this year’s hot topics.
Netwrix experts ran a few speaking sessions at the Cyber Innovation Showcase segment that focused on visibility and data governance. Here are some of the main takeaways from Peter Smith’s session, “Why visibility is a must.”
#1. Insider threat is still a danger
T-Mobile, Morrisons, and Ofcom are worth mentioning, as all three are examples of insider threats.
- T-Mobile – 2009 – Internal Breach: Sales staff were caught selling customer records to brokers who used the information to market to them as their contracts were coming to an end. It was never clear how many records were involved in this murky insider trade, but it was believed to run from half a million to millions. Initially, the ICO refused to name the firm, but was forced to do so after rival networks said they were not involved, leaving only one name.
- Morrisons – 2014 – Insider Attack: Morrisons is still feeling the ramifications of a data breach from two years ago, as 6000 current and former staff signed up for a group lawsuit ahead of the 8 April deadline. In an unusual example of an insider attack, the attacker published details of the firm’s entire workforce database online, 100,000 employees in all. An employee was eventually arrested for the incident and will presumably come to court at some point, which could reveal more details about how the firm’s security was bypassed.
- Ofcom – 2016 – Internal breach: UK media regulator Ofcom suffered one of the biggest security breaches in its history after it emerged that a former employee offered as much as six years’ worth of sensitive internal data to his new employer, a major broadcaster. The data is thought to contain details of business plans submitted by broadcasters during consultations with Ofcom.
#2. The lack of visibility is the main challenge for companies in fighting insider threats
The abovementioned incidents are perfect examples of how firms struggle to protect their data resources from those already legitimately “inside the fence.” Often, it is the ineffective management of privileged users on corporate networks that causes this type of data breach. Every organization has employees or contractors who have excessive access rights, and control over these users’ activities is often a weak link in the data security strategy and data access governance solutions.
#3. Cloud technologies make IT infrastructures even more vulnerable
Making sure that only the right people can access the right data becomes even harder in hybrid environments. According to the Netwrix Cloud Security Survey 2015:
- 69% of companies feel that the cloud is insecure because it lacks visibility into user activities; thus, they would never know what is going on. Companies are afraid that migration to the cloud would increase risks of unauthorized access.
- Overall, 71% of enterprises perceive continuous auditing of cloud infrastructure as a very important part of security guarantees that could ensure data integrity in the cloud.
#4. Visibility is the answer
Visibility is critical to maintaining a stable and secure IT environment and must be included in companies’ security strategies. Being aware of system and security setting changes, data access, user behavior, and system configuration states is a great way to detect security incidents and to guarantee adherence to security policies. Only with continuous surveillance can companies ensure the early detection of insider threats and the timely response to each violation before it evolves into a breach.