
Without exception, all companies are threatened by insiders.

2025-04-06 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

The prevalence of insider threats is a major concern for every company. In its 2018 threat report, based on threat assessments of a number of companies around the world, Dtex Systems concluded that all companies have blind spots and that insider threats persist despite repeated attempts to stamp them out.

There is no doubt about that.

As long as employees are given decision-making power, they are likely to make some decisions that harm the interests of the company. What can prevent this is alignment on goals, awareness training and, above all, trust. No company can reduce the probability of insider threat to zero, but many companies can bring it close to zero.

The Dtex 2018 threat report identifies areas where companies can invest resources to reduce insider threats.

It is clear that companies need to pay attention to basic network security principles, must move past denial of their network security problems, and must acknowledge the need for a better understanding of what is going on in their environment.

The focus should be on data held in misconfigured third-party cloud storage, so as to prevent sensitive information from being accidentally exposed on the public network. Information exposure caused by third-party cloud storage is not an isolated case: 78% of the respondents have experienced it. We all know what happens when customer data flies out of the cloud window.

Then think about the impact on the protection of trade secrets and intellectual property. You might as well consult a team of lawyers and ask them how serious the consequences for trade secret protection can be when adequate safeguards are not in place. Doing so can urge the people who set up cloud storage to be more cautious, especially if the information being protected is a matter of survival for the company.

According to the Dtex survey, 90% of respondents transfer data to unauthorized unencrypted USB devices (collections, USB drives, data cards, etc.), proving once again that the need for convenience always outweighs security requirements. Blocking all USB ports may be one solution, or you can choose to encrypt all corporate data stores. But if you think rules alone will stop employees from using whatever conveniences help them get the job done, you have no idea what insider threats are all about.

Shouldn't employees be trusted?

The employees are all colleagues. Would you hire someone who can't be trusted? Certainly not.

Although malicious users are always looking for new ways to bypass security controls, not all internal risks are malicious. Trusted employees do not necessarily know that they are involved in destructive activities, and they may fall prey to credential thieves. Lack of visibility into all user behavior is at the root of employee vulnerabilities in every company.

The human factor has always been a way around technological defenses.

Acts that undermine the internal security of a company can be divided into two types: those that are malicious, and those that are unintentional.

The former is far more dangerous than the latter.

Interestingly, Dtex's assessment shows that retaliatory attacks that maliciously publish colleagues' personal information are on the rise. The attack, which posts a colleague's personally identifiable information (PII) on a public forum, overwhelms the inbox, voicemail and other communication channels of the person being targeted, and can be interpreted as a DDoS attack at the personal level.

In the Dtex assessment report, 67 per cent of respondents reported that malicious employees were involved in risky behavior, making their devices more dangerous than those of employees who never visited porn and gambling sites.

Unfinished business

The Dtex report does not list the number of cases in which insiders intentionally betray their employers. Revenge and greed are the two main motivations for such behavior. This may be a topic to choose for the next survey.

We often see and hear about such incidents in the news; these people are the ultimate insider threats, with staying power.

If a person has legitimate permission to copy, share, or print information without triggering alarms in security measures such as data loss prevention (DLP), it is almost impossible to catch the activity unless round-the-clock monitoring is set up.

Security education, DLP implementation, timely system updates, and review of employee permissions (the principle of least privilege) are all security recommendations worth considering.

Zero threat is impossible. What companies should strive to do is to reduce the threat to a manageable range.

This article is reproduced from "Safety cattle", original author: nana
