National Insider Threat Awareness Month is observed annually in September. It was first launched in 2019 to help organizations and individuals better understand insider threats and encourage the development of strategies to address them. Although it was initiated by the National Counterintelligence and Security Center (NCSC) in partnership with the National Insider Threat Task Force (NITTF) and other U.S. government agencies, many organizations and countries worldwide recognize the significance of insider threat awareness and now actively engage in related activities and initiatives.
Executives from Other World Computing (OWC), Datadobi, Arcitecta, and Foxit had this to say on this important topic:
Larry O’Connor, CEO and Founder, Other World Computing (OWC):
“One of the most significant insider threats facing organizations today is the challenge of properly managing employee exits and access revocation. Even weeks or months after departure, it is all too common for exiting employees to still have lingering access to company systems and data. From there, malicious insiders can then steal sensitive data or sabotage critical systems rather easily by exploiting these oversights. And, as organizations have become more reliant on cloud services and remote work, unfortunately this risk has only grown.
Luckily, today we have robust identity and access management controls to mitigate these insider risks. This includes automating the process of disabling accounts across all apps and services when an employee leaves the company. Leveraging technologies like two-factor authentication and certificate-based authentication can also help prevent unauthorized access — even if login credentials are compromised. Additionally, maintaining comprehensive, air-gapped backups of critical data is essential – this provides a secure fallback in case malicious insiders do manage to delete or encrypt production data.
During National Insider Threat Awareness Month, the key message for organizations is to take a hard look at their security practices around employee offboarding and data protection. It’s not a matter of if, but when, an insider threat incident will occur. Companies can significantly reduce the risk and impact of these threats by proactively implementing the right people, processes, and of course technologies. Bottom line — protecting against malicious insiders should be a top cybersecurity priority all year round.”
Carl D’Halluin, CTO, Datadobi:
“National Insider Threat Awareness Month is a crucial reminder not to underestimate the significance of risks from within — regardless of whether they are malicious or a result of negligence. For a clearer picture of just how significant, the 2023 Cost of Insider Risks Global Report by the Ponemon Institute revealed that in 2023, the average annual cost of an insider risk rose to $16.2 million per organization, while the average time to contain an incident extended to 86 days, compared to $15.4 million and 85 days in 2022.
Some might be surprised to learn that it is, in fact, unstructured data that is the most vulnerable due to it being the predominant data type (80% of data). It is the most difficult to manage, secure, and protect, and it often contains valuable and sensitive information making it rather attractive to those that wish to exploit it for personal gain or corporate sabotage.
So during National Insider Threat Awareness Month – and all year long – take decisive action to safeguard your unstructured data against insider threats. Invest in your people – train and provide them with the solutions they require to gain visibility and control of your unstructured data scattered across every environment — local, remote, and in the cloud. Next, foster a culture of accountability and vigilance; because some insider threats are simply a result of human error. Your organization’s survival and success are on the line – so, isn’t an ounce of prevention worth a pound of cure?”
DeeDee Kato, Vice President of Corporate Marketing, Foxit:
“This year during National Insider Threats Awareness Month I think it’s time to shine a light on the importance of robust document security measures – especially, when it comes to the often-overlooked PDF.
Whether you are a government agency, a business, a healthcare provider, a financial institution – it is a safe bet that highly sensitive information is contained within your PDF docs. However, it is important to know that not all PDFs are created equal – especially when it comes to providing protection against internal threats, or external for that matter. But, if data protection and security are a concern (and these days, who isn’t concerned) then you need to know what to look for when choosing your PDF software. I think many of you know that you should start off by choosing a solution that doesn’t skimp when it comes to robust protection features – like encryption, digital signatures, and redaction tools. This provides the peace of mind that that only authorized users can access sensitive content and that confidential information is permanently removed, if necessary. Next on the checklist should be advanced permission settings to control actions such as printing and editing. And let’s not forget that it should integrate with Microsoft OneDrive, SharePoint, etc. to protect your documents, data, and personal information, as well as include watermarking to deter unauthorized distribution. Audit trails and tracking capabilities are two more features that will take your data protection and security to the next level – enabling you to monitor access and modifications, and comply with those all-important data protection regulations.
During this National Insider Threats Awareness Month and all the months to come… remain relentless in your pursuit to prevent insider threats – leave no stone unturned, and scrutinize every potential risk, even those that may appear benign, like the seemingly harmless PDF.”
Jason Lohrey, Founder and CEO of Arcitecta:
Insider Threats & Multifactor Authentication
Individuals within an organization who exploit their access for malicious purposes or unwittingly cause security breaches due to human error are a significant security challenge. Many organizations use multifactor authentication (MFA) to prevent insider threats, but MFA alone is not sufficient. What’s needed is a second mechanism, or authorization, beyond authentication to provide a stronger line of defense. Multifactor authentication and authorization (MFA&A) confirms individual identity during authentication (when seeking initial access) and grants authorization or approval when attempting to perform sensitive data operations to prevent unauthorized access, modification, and deletion.
In combination, multifactor authentication and authorization create a critical measure that provides much stronger security, increases control over system access, and reduces the risk of data breaches. It also ensures compliance with industry regulations and is a cost-effective solution for data security. By implementing MFA&A, organizations can protect their sensitive data and ensure the integrity of their file systems.
Insider Threats & Zero Trust
The notion of zero trust came about through the critical realization that traditional security models operate on the outdated assumption that everything inside an organization’s network should be implicitly trusted. Recognizing that insider threats can be the most damaging, organizations should adopt a zero-trust approach to protect them from both insider and outsider actors.
Such an approach should include at least three components:
- Provide multifactor authentication and authorization in the data path.
- Perform continuous verification as a core principle that involves constantly evaluating and authorizing every access request based on real-time factors such as user identity, device security posture, and contextual information.
- Provide the ability to create multiple roles, such as implementing least privilege and creating separate admin accounts.
Cybersecurity Threats & a New Focus on Recovery
IT leaders are shifting their focus from backup to recovery as organizations need complete and immediate data recovery with no downtime or, at most, only milliseconds of downtime to prevent criminals from holding a business and its data hostage for days, weeks, or more. New approaches such as continuous data availability represent game-changing levels of protection that actively record every significant change in real-time for every file so a user can go back to any point in time to retrieve data – quickly and without the assistance of IT. Organizations will increasingly leverage continuous data availability technology to protect data from loss and cyber threats.
Cybersecurity Threats & Data Resiliency
As data environments reach hundreds of petabytes and hundreds of billions of files, protecting data will become an increasingly difficult and complex challenge. Organizations need their data to be resilient and continuously available, with the ability to spring back seamlessly to reduce the risk of critical data loss and the impact of downtime, outages, data breaches, and natural disasters. Achieving data resilience at scale requires a radical new model and one that revolutionizes today’s broken backup paradigm. Traditional backup is independent of the file system, but a better approach is to merge the file system and backup as one entity. In this way, every change in the file system can be recorded as it happens, making it seamless to retrieve lost or deleted data, regardless of when it existed and across the entire time continuum.
Like this:
Like Loading...
Related
This entry was posted on September 1, 2024 at 2:32 pm and is filed under Commentary. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
September Is National Insider Threat Awareness Month
National Insider Threat Awareness Month is observed annually in September. It was first launched in 2019 to help organizations and individuals better understand insider threats and encourage the development of strategies to address them. Although it was initiated by the National Counterintelligence and Security Center (NCSC) in partnership with the National Insider Threat Task Force (NITTF) and other U.S. government agencies, many organizations and countries worldwide recognize the significance of insider threat awareness and now actively engage in related activities and initiatives.
Executives from Other World Computing (OWC), Datadobi, Arcitecta, and Foxit had this to say on this important topic:
Larry O’Connor, CEO and Founder, Other World Computing (OWC):
“One of the most significant insider threats facing organizations today is the challenge of properly managing employee exits and access revocation. Even weeks or months after departure, it is all too common for exiting employees to still have lingering access to company systems and data. From there, malicious insiders can then steal sensitive data or sabotage critical systems rather easily by exploiting these oversights. And, as organizations have become more reliant on cloud services and remote work, unfortunately this risk has only grown.
Luckily, today we have robust identity and access management controls to mitigate these insider risks. This includes automating the process of disabling accounts across all apps and services when an employee leaves the company. Leveraging technologies like two-factor authentication and certificate-based authentication can also help prevent unauthorized access — even if login credentials are compromised. Additionally, maintaining comprehensive, air-gapped backups of critical data is essential – this provides a secure fallback in case malicious insiders do manage to delete or encrypt production data.
During National Insider Threat Awareness Month, the key message for organizations is to take a hard look at their security practices around employee offboarding and data protection. It’s not a matter of if, but when, an insider threat incident will occur. Companies can significantly reduce the risk and impact of these threats by proactively implementing the right people, processes, and of course technologies. Bottom line — protecting against malicious insiders should be a top cybersecurity priority all year round.”
Carl D’Halluin, CTO, Datadobi:
“National Insider Threat Awareness Month is a crucial reminder not to underestimate the significance of risks from within — regardless of whether they are malicious or a result of negligence. For a clearer picture of just how significant, the 2023 Cost of Insider Risks Global Report by the Ponemon Institute revealed that in 2023, the average annual cost of an insider risk rose to $16.2 million per organization, while the average time to contain an incident extended to 86 days, compared to $15.4 million and 85 days in 2022.
Some might be surprised to learn that it is, in fact, unstructured data that is the most vulnerable due to it being the predominant data type (80% of data). It is the most difficult to manage, secure, and protect, and it often contains valuable and sensitive information making it rather attractive to those that wish to exploit it for personal gain or corporate sabotage.
So during National Insider Threat Awareness Month – and all year long – take decisive action to safeguard your unstructured data against insider threats. Invest in your people – train and provide them with the solutions they require to gain visibility and control of your unstructured data scattered across every environment — local, remote, and in the cloud. Next, foster a culture of accountability and vigilance; because some insider threats are simply a result of human error. Your organization’s survival and success are on the line – so, isn’t an ounce of prevention worth a pound of cure?”
DeeDee Kato, Vice President of Corporate Marketing, Foxit:
“This year during National Insider Threats Awareness Month I think it’s time to shine a light on the importance of robust document security measures – especially, when it comes to the often-overlooked PDF.
Whether you are a government agency, a business, a healthcare provider, a financial institution – it is a safe bet that highly sensitive information is contained within your PDF docs. However, it is important to know that not all PDFs are created equal – especially when it comes to providing protection against internal threats, or external for that matter. But, if data protection and security are a concern (and these days, who isn’t concerned) then you need to know what to look for when choosing your PDF software. I think many of you know that you should start off by choosing a solution that doesn’t skimp when it comes to robust protection features – like encryption, digital signatures, and redaction tools. This provides the peace of mind that that only authorized users can access sensitive content and that confidential information is permanently removed, if necessary. Next on the checklist should be advanced permission settings to control actions such as printing and editing. And let’s not forget that it should integrate with Microsoft OneDrive, SharePoint, etc. to protect your documents, data, and personal information, as well as include watermarking to deter unauthorized distribution. Audit trails and tracking capabilities are two more features that will take your data protection and security to the next level – enabling you to monitor access and modifications, and comply with those all-important data protection regulations.
During this National Insider Threats Awareness Month and all the months to come… remain relentless in your pursuit to prevent insider threats – leave no stone unturned, and scrutinize every potential risk, even those that may appear benign, like the seemingly harmless PDF.”
Jason Lohrey, Founder and CEO of Arcitecta:
Insider Threats & Multifactor Authentication
Individuals within an organization who exploit their access for malicious purposes or unwittingly cause security breaches due to human error are a significant security challenge. Many organizations use multifactor authentication (MFA) to prevent insider threats, but MFA alone is not sufficient. What’s needed is a second mechanism, or authorization, beyond authentication to provide a stronger line of defense. Multifactor authentication and authorization (MFA&A) confirms individual identity during authentication (when seeking initial access) and grants authorization or approval when attempting to perform sensitive data operations to prevent unauthorized access, modification, and deletion.
In combination, multifactor authentication and authorization create a critical measure that provides much stronger security, increases control over system access, and reduces the risk of data breaches. It also ensures compliance with industry regulations and is a cost-effective solution for data security. By implementing MFA&A, organizations can protect their sensitive data and ensure the integrity of their file systems.
Insider Threats & Zero Trust
The notion of zero trust came about through the critical realization that traditional security models operate on the outdated assumption that everything inside an organization’s network should be implicitly trusted. Recognizing that insider threats can be the most damaging, organizations should adopt a zero-trust approach to protect them from both insider and outsider actors.
Such an approach should include at least three components:
Cybersecurity Threats & a New Focus on Recovery
IT leaders are shifting their focus from backup to recovery as organizations need complete and immediate data recovery with no downtime or, at most, only milliseconds of downtime to prevent criminals from holding a business and its data hostage for days, weeks, or more. New approaches such as continuous data availability represent game-changing levels of protection that actively record every significant change in real-time for every file so a user can go back to any point in time to retrieve data – quickly and without the assistance of IT. Organizations will increasingly leverage continuous data availability technology to protect data from loss and cyber threats.
Cybersecurity Threats & Data Resiliency
As data environments reach hundreds of petabytes and hundreds of billions of files, protecting data will become an increasingly difficult and complex challenge. Organizations need their data to be resilient and continuously available, with the ability to spring back seamlessly to reduce the risk of critical data loss and the impact of downtime, outages, data breaches, and natural disasters. Achieving data resilience at scale requires a radical new model and one that revolutionizes today’s broken backup paradigm. Traditional backup is independent of the file system, but a better approach is to merge the file system and backup as one entity. In this way, every change in the file system can be recorded as it happens, making it seamless to retrieve lost or deleted data, regardless of when it existed and across the entire time continuum.
Share this:
Like this:
Related
This entry was posted on September 1, 2024 at 2:32 pm and is filed under Commentary. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.