Cybersecurity is all over the news channels and media these days. The subject even finds extensive mention in governmental budgets and expenses.
A major chunk of cybersecurity spend is driven by the need to keep external threats from stealing organizations’ most valuable asset: information.
However, according to McKinsey, 50% of the data breaches in 2017 were caused by insiders.
In a report earlier this year, Gartner sees “the trend in buyer interest in insider threats with buyer inquiries for insider threats in 2019 on pace to double the inquiries on the topic since 2018.”
Cybersecurity awareness training has become imperative as workplaces diversify to include remote workers, contractors, part-time employees and suppliers.
Add to the mix various platform integrations and managed services that promise a seamless experience for our users and increased productivity, and the insider threat risks will continue to grow.
The field of technologies traditionally used to combat insider threats is relatively siloed, and may include:
User and Entity Behavior Analytics (UEBA), which focuses on detecting threats by analyzing massive amounts of “log” information.
Data Loss Prevention (DLP), which approaches the problem from a “data” perspective by classifying content and defining preventative controls based on content inspection.
User Activity Monitoring (UAM), which focuses only on analyzing “user activity” to identify threats.
Legacy siloed technologies can’t keep up with insider threats unless there are measures to combat users’ lack of awareness.
The decision makers of today, (mis)guided by the concept of defense in depth, continue to deploy layered yet siloed solutions, where each new layer solves only a piece of the puzzle.
The most important aspect and the weakest link of this puzzle, our users, gets lost in the technology-centric view imposed upon them.
The insider threat, and especially users’ lack of awareness of how to safeguard information, requires a more holistic approach that must include functions such as HR, Legal and Physical Security, and not just IT or Compliance.
User awareness training must also be linked to a user’s mandatory induction or appraisals and reinforced by management.
Now, if only the employees at the hospital understood the responsibility of handling patient information, our neighborhood hospital could have saved the effort and funds of a post-data-breach cleanup.
About the Author
Settled in The Hague, Punita is an electronics and telecom engineer by education. She has run Information Security programs and audits for French/Indian multinational firms across the Middle East, Europe, India and Malaysia.