Insider Threats Pose a Clear and Present Danger: Surendra Singh, Forcepoint

Insider Threat fails to invoke stakeholder attention considering that it has been around for the last few years. What is the reason for such behavior towards Insider Threat?

There could be multiple reasons. One, companies never believed it could happen to them. Secondly, if some recognized the issue, they didn’t know how to tackle it. Most of them left it to be an IT issue, relying on existing tools not suited to solve the problem. This resulted in inaction over tackling the insider threat issue. The result is that security breaches caused by insider threat continue to climb. According to a Forrester security survey, 39% of breaches in the last 12 months resulted from an internal incident. Of these, 26% were the result of deliberate abuses or malicious intent, while 56% were the result of inadvertent misuse of data (18% were a combination of both). The insider threat is leading to loss of sensitive data like intellectual property, corporate financial data and personally identifiable information (PII). What is interesting to note is that organisations today spend 80% of their security budget on dealing with external threats, leaving little to spend on insider threat programs.

What are the sectors that are mainly impacted by Insider Threats?

Sectors that have started to adopt ICT infrastructure and rely on the internet could be seen as the ones getting impacted by insider threats. The organisations that allow conducting business from personal devices (BYOD) add to the complexity of the insider threat. IT, ITeS, BFSI, Automotive, Engineering, Healthcare, Manufacturing and Government are some of the sectors that would be feeling the impact of insider threats.

What is Forcepoint’s approach to help the industry overcome such threats?

To overcome insider threats, what organisations require is user-behavior-based analytics combined with a data loss prevention solution that provides user behavior context around inappropriate attempts to transfer sensitive data, enabling faster and more targeted remediation. Forcepoint has recently launched SureView Insider (SVIT) in India. It is a comprehensive tool which detects risky user behavior, from accidental to malicious. It monitors events at the endpoint and baselines both individual and organizational behavior to understand what behavior is normal and expected. Policy can be set by company, department, function or individual. SVIT can detect deviations not just from policy, but from a user’s established behavior. When risky behavior is detected, SVIT has the ability to collect desktop video and allow an investigator to review the actual forensic detail in depth. This DVR-like desktop video replay is not only a visualization tool for investigators, it is admissible as forensic evidence if civil or criminal prosecution is required. It can also be used as a powerful training and counselling tool for employees whose actions are accidental, negligent or well-intentioned violations of policy.

SVIT provides visibility into the many areas that network devices can't, including:

* Deliberate, malicious acts such as intellectual property (IP) theft, fraud or sabotage that easily circumvent most data leak solutions
* Mobile and internal users who take themselves offline or use encryption to avoid detection
* Suspicious user activity within complex applications, including email programs and custom deployments of Enterprise Risk Management (ERM) and other solutions
* “Leading indicator” actions, such as a screen capture that has been encrypted and saved to a USB drive

SVIT is a very mature product with customers in the Fortune 500 and Fortune 100. It is an endpoint-based solution and currently has more than one million endpoints deployed worldwide.
Originally developed in 2001 to protect Raytheon’s valuable intellectual property, it grew to become the industry’s leading insider threat solution.

What is your message to the CIOs from an Insider Threat perspective?

Insider threats pose a clear and present danger, and CIOs need to recalibrate their security strategy to include insider threat programs rather than focusing more on perimeter defense. It is important for organisations to know where particular risks lie and why. They need to establish an insider incident response plan with formal processes for the identification, communication, and escalation of insider events. Further, companies should consider investing in solutions that offer sophisticated behavioral analysis and tracking over time to quickly identify user behavior that may lead to or suggest a compromise. By identifying risky users early, breaches can be stopped before or soon after they start.

In the context of growing incidents of ransomware attacks, is it justifiable to shift focus to Insider Threats?

Insider Threat is a broad category. The malware under it may be ransomware itself. There is a likelihood of a scenario where cyber criminals use internal stakeholders to infect the network with ransomware. Thus, it is not about deciding which of the two to give high priority. It is rather about preparing towards a foolproof cyber security mechanism.
