In 2023, Tesla suffered a massive data breach that affected 75,000 employees, whose data, including names, phone numbers, and Social Security Numbers, was leaked. According to the media outlet to which the data was leaked, even billionaire CEO Elon Musk’s Social Security number was included in the more than 100 gigabytes of leaked data.
Investigations identified two former employees as responsible for the leak, which is neither the first of its kind to hit a major global company, nor will it be the last, at least if recent trends in insider threats are to be taken seriously. And they absolutely should be.
Only 12% of insider incidents are detected and contained within the first month of their occurrence, and this is why organizations need to switch to smart real-time monitoring solutions such as the emerging data detection and response (DDR) approach.
Briefly: The State of Insider Threat
According to a report by Securonix, 76% of organizations reported insider attacks, up from 66% in 2019. Yet only 16% consider themselves sufficiently prepared to handle such threats.
If the tools and programs that companies currently use are proving ineffective against insider threats, what hope do enterprises have of combatting this perennial challenge? In a year, the majority of organizations will experience between 21 and 40 insider attacks, each endangering the very existence of the company attacked.
Understanding the Nature of Insider Threats
Time after time, one finds that malicious insiders who launch attacks using the privileges they hold are driven by greed or some kind of ideology, and they do not hesitate to steal sensitive data, intellectual property, and trade secrets for personal gain.
But some may simply be driven by disgruntlement, especially people who work in a toxic environment, as research shows. A negative workplace culture can easily erode an employee’s sense of loyalty and commitment to the organization.
Therefore, even when they are not directly committing such acts themselves, unhappy employees may feel less inclined to protect the company’s interests and may be more likely to engage in risky or unethical behaviour that compromises security.
Otherwise, they may simply become negligent, as happens in 55% of insider threats, and this occurs even when the workplace culture is favorable. The hybrid/remote work culture doesn’t help either.
In addition, employees who work in a positive culture but are not properly trained on security protocols, policies, and best practices are very likely to inadvertently expose sensitive information, or to create or allow vulnerabilities that malicious attackers can exploit.
What’s the Solution?
None of this is to say that insider threats can be fixed simply by establishing a positive culture and instituting security training. Sometimes insider threats arise from a failure of policy, such as in the offboarding process. Such a failure must have been the cause of Tesla’s woes.
Even non-malicious former employees can prove dangerous if they are allowed to retain company data. And that is before considering third-party vendors, partners, contract staff, and so on. Many of these entities gain access to some kind of data to do their jobs for a short while, and then retain it permanently.
The main challenge in dealing with insider threats is that many people fail to consider their multifaceted nature. The plurality of attacks launched or enabled by insiders deserves critical emphasis and focus.
A single threat from a lone insider can simultaneously expose the organization to ransomware, data privacy issues, regulatory sanctions, corporate espionage, and, of course, significant financial loss. This cascading impact can effectively be the end of any company, regardless of its past resilience.
As such, the right solution to insider attacks must be one that inherently acknowledges the dynamic nature of this kind of threat.
Enter Data Detection and Response
In the cybersecurity industry, it seems that almost every month a new solution or acronym is launched with the promise of solving all the problems that were previously unsolvable. As a result, many companies have ended up with a mounting collection of cybersecurity tools that do not seem to have achieved much. These include DLP, LAM, behavioural analytics, endpoint detection, and so on.
But what if what needs to change is the approach to data protection?
For one, data is often classified for importance and sensitivity based purely on its content. This is not entirely wrong, but anyone who works with data will tell you that it is not just the content of a table or data frame that matters; the context does too, which makes the following kinds of questions, and more, important:
- Who has accessed the data?
- Who can access the data?
- How has the data changed recently?
- Where has the data been used?
- When was the data accessed?
- How was the data accessed?
These questions point to the lineage of the data, an important factor in determining how to handle it. Why is this so important? Data is most vulnerable when it is in transit. There are highly secure ways to handle data at rest and data in use, yet securing data in motion remains a huge challenge.
And that is what Data Detection and Response solves, by applying real-time monitoring not just to the devices (endpoints) through which data is accessed, or to the people who access it, but to the data itself.
The basic idea of DDR is to follow the data wherever it goes and, when the data is about to be used or accessed inappropriately, to have the system intervene. In this way, even insiders are not free to interact with data in unauthorized ways.
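To make the context-based idea concrete, here is an added example, written for this page and not taken from the article or from any DDR product. It models the who/when/how/where questions above as a lineage record per dataset and evaluates a constructed stream of access events against three context rules: access by a user after their HR offboarding date (the policy failure the article ties to the Tesla case), sensitive data exported or shared to a destination that is not approved, and one user sweeping several sensitive datasets within a short window. The event schema, the policy sets (`SENSITIVE`, `APPROVED_DESTINATIONS`, `OFFBOARDED`), the thresholds and the sample events are all constructed assumptions, not a real product's data model.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class AccessEvent:
    """One data-access event as a DDR sensor might record it (constructed shape)."""
    ts: datetime
    user: str
    dataset: str
    action: str        # read | export | share
    channel: str       # how it was accessed: office-lan, vpn, web-ui, usb
    destination: str   # where the data went: internal, personal-email, partner-portal, ...


# --- Constructed policy context (assumptions for this example, not from the article) ---
SENSITIVE = {"employee_pii", "source_code", "customer_contracts"}  # classified by content
APPROVED_DESTINATIONS = {"internal"}                                # where sensitive data may flow
OFFBOARDED = {"alice": datetime(2024, 3, 1)}                        # HR termination dates (context)
BULK_THRESHOLD = 3                                                  # distinct sensitive datasets ...
BULK_WINDOW = timedelta(minutes=10)                                 # ... touched within this window


def lineage(events, dataset):
    """Answer who accessed, how, where it went and when it was last touched for one dataset."""
    hits = sorted((e for e in events if e.dataset == dataset), key=lambda e: e.ts)
    return {
        "accessed_by": sorted({e.user for e in hits}),
        "channels": sorted({e.channel for e in hits}),
        "destinations": sorted({e.destination for e in hits}),
        "last_access": hits[-1].ts if hits else None,
    }


def evaluate(events):
    """Return (event, rule_name) findings in time order; each rule is one context check."""
    findings = []
    recent = defaultdict(list)  # user -> [(ts, dataset)] sensitive touches inside the bulk window
    for e in sorted(events, key=lambda e: e.ts):
        # Rule 1: "who can access" changed when HR offboarded the user, but the access still happened.
        term = OFFBOARDED.get(e.user)
        if term is not None and e.ts >= term:
            findings.append((e, "offboarded-user-access"))
        if e.dataset not in SENSITIVE:
            continue
        # Rule 2: sensitive data leaving the approved destinations ("where has the data been used").
        if e.action in {"export", "share"} and e.destination not in APPROVED_DESTINATIONS:
            findings.append((e, "unapproved-destination"))
        # Rule 3: one user touching many distinct sensitive datasets in a short window.
        window = [(t, d) for (t, d) in recent[e.user] if e.ts - t <= BULK_WINDOW]
        window.append((e.ts, e.dataset))
        recent[e.user] = window
        if len({d for _, d in window}) >= BULK_THRESHOLD:
            findings.append((e, "bulk-sensitive-access"))
    return findings


# Constructed sample event stream (not real data).
T = datetime(2024, 3, 4, 9, 0)
SAMPLE_EVENTS = [
    AccessEvent(T, "bob", "employee_pii", "read", "office-lan", "internal"),
    AccessEvent(T + timedelta(minutes=1), "bob", "source_code", "read", "office-lan", "internal"),
    AccessEvent(T + timedelta(minutes=2), "bob", "customer_contracts", "read", "office-lan", "internal"),
    AccessEvent(T + timedelta(minutes=15), "bob", "source_code", "export", "vpn", "personal-email"),
    AccessEvent(T + timedelta(hours=1), "alice", "employee_pii", "read", "vpn", "internal"),
    AccessEvent(T + timedelta(hours=2), "carol", "marketing_deck", "share", "web-ui", "partner-portal"),
]


if __name__ == "__main__":
    for event, rule in evaluate(SAMPLE_EVENTS):
        print(f"{event.ts:%H:%M} {rule:<25} user={event.user} dataset={event.dataset} -> {event.destination}")
    print("lineage(source_code):", lineage(SAMPLE_EVENTS, "source_code"))
```

Bob's third read within ten minutes trips the bulk rule, his later export to a personal mailbox trips the destination rule, and Alice's read is flagged solely because the HR context says she was offboarded three days earlier; Carol's share of a non-sensitive deck produces nothing. The point is that every finding comes from context (who, when, how, where) rather than from the content of the data alone.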
Conclusion
Today’s workplaces are dynamic, and the approach to cybersecurity also needs to be dynamic in order to stay on top of threats and vulnerabilities. By deploying real-time monitoring, DDR enables cybersecurity teams to catch breaches right before they occur and to protect any kind of compromised data.
The post Insider Threat Protection: How DDR Can Help appeared first on Datafloq.