Are You Safe from Internal Cyber Threats?
With the threat of security breaches constantly on the rise, and public awareness finally beginning to catch up, it’s no surprise we’re seeing an increased interest from organizations regarding the security of their applications.
You’re right to worry
The reality is that although asking about your app’s security is always a good idea, most organizations would do well to start their security audits with a discrete look into what their employees are doing. Indeed there’s a growing understanding that most major cyber weaknesses come not from malicious apps or hackers on the outside, but from staff being malicious, negligent, or simply unaware…
Consider this evidence:
- Information Age says insider threats continue to be “a top security concern” for organizations.
- Verizon’s Data Breach Investigations Report says privileged user misuse was the fourth largest cybersecurity threat worldwide in 2014.
- The Internet security organization SANS is offering a “Securing The Human” seminar at its December cyberdefense conference, promising to address employee threats to security.
This year’s Verizon Data Breach Investigations Report highlighted two alarming trends on the security landscape — cyberespionage and the growing insider threat – that can cause significant long-term damage to an organization from both the outside and from within. —Muddu Sudhakar, CEO of Caspida
This information shows that companies need to take seriously the education and monitoring of employees.
“People are the most valued asset of an organization and, unfortunately, also one of the primary causes for increased business risk due to their unusual behavioral nuances or by becoming an easy target for attackers,” Gautam Aggarwal, chief marketing officer at Bay Dynamics, said in Security Week.
“Organizations should focus on early detection and predictive protection by proactively identifying unusual user account activity indicating potential human-level prospecting; continuous monitoring for high-risk users who do not have an established norm and their patterns of access show diverse and risky behavior,” Aggarwal said.
What Can I Do?
One option for protection is monitoring software that keeps tabs on employee usage of corporate data. Typically these are software suits that track:
- Data uploads and downloads
While this information is nice to have, what’s really important when considering monitoring as a solution, are these features:
- Instant messenger monitoring – Employees routinely send and receive files via IM (e.g. Skype, Line, Facebook messenger, etc.)
- Email/Webmail monitoring – Another popular tactic for stealing data is sending it to a webmail account (e.g. Gmail, Hotmail, Yahoo, etc.)
- Data loss prevention – What backups and failsafes are offered for protecting erased / hidden data?
Many monitoring suites offer cloud storage for the aggregated data as one of their paid addons / extras – This is certainly an important feature, especially if you ever need a log of activity for legal purposes.
To learn more about monitoring your network and employees for safety and security visit our friends over at DigitalEndpoint,com.
- Reposted from blog.digitalendpoint.com
- Copywriting by copywrite.asia