Cyberattacks by anonymous outside attackers are by no means the only threat companies face. The risk posed by skills shortages, insider threats and home office scenarios is all too often underestimated.
Hendrik Schless, Senior Manager of Security Solutions at Lookout, explains the different aspects and actors:
“Insider threats have always been a problem. With the rapid expansion of enterprise infrastructure and increased reliance on the cloud, the problem only gets more complex. In the past, traditional Data Loss Prevention (DLP) solutions operated at a defined security perimeter and monitored all incoming and outgoing data traffic. The difficulty is that these tools have no visibility into how users are interacting with the data within that space. So if a user downloads a file locally or makes certain changes, the security team might not be alerted. Some companies have implemented File Integrity Monitoring (FIM) solutions that monitor changes at the file level. But there were also ways to circumvent this.
While the cloud has given us tremendous advances in collaboration, scalability, and data access from anywhere, it has also brought more risks. Insiders often have access to far more resources than they actually need to do their jobs. Attackers have therefore recently focused on phishing employee credentials to launch their attacks. Widespread access to infrastructure also means that one disgruntled, rogue employee can cause major problems for the business.
Modern DLP solutions are able to monitor data usage regardless of where the data resides in the infrastructure and whether it is at rest or in motion. Combining it with User and Entity Behavior Analytics (UEBA) as part of a larger Cloud Access Security Broker (CASB) solution is the best way to prevent insider threats from compromising data.
Remote working only makes it more difficult for organizations to keep track of how their users are accessing, editing, and managing corporate data. The forced adoption of unmanaged smartphones, tablets, laptops and PCs has resulted in many organizations losing control of their data. As a result, they could not ensure that these devices were free of malware when handling sensitive data. Additionally, without the right tools, there was no way to ensure data was protected or properly handled once it arrived on the unmanaged device.
Deploying a CASB solution that can monitor user access and data interaction from both managed and unmanaged devices is key to ensuring data security in the age of remote work.
The Great Resignation puts even more pressure on IT and security teams for two reasons. First, an employee who wants to quit could be trying to steal data—especially if they’re going to a competitor. Lookout has observed this multiple times in various industries in 2021, and it is one of the most common insider threat use cases. Second, these teams need to properly offload the remote workers and lock down all their access. Also, they need to make sure that whatever was stored locally on the laptop hasn’t been transferred to a personal cloud account or computer.
When it comes to security, there needs to be a healthy balance between the use of technology and the human aspect of the job. Some of the most successful security teams rely on tools to identify risks before they occur. However, just when an event triggers a rule, they bring in an employee to monitor the situation to make sure the right action is taken. An example of this is protection against data loss. The tool intercepts a sensitive file that has been shared or modified, logs the action and may even quarantine the file. This allows a member of the security team to assess the situation to ensure there are no longer-term implications.”