Your organization likely spends resources in preventing external breaches and taking the necessary measures to ensure that your company’s data is protected. However, did you consider if you’re having coffee with a hacker every morning?

Organizations tend to forget that more than one out of four breaches involve internal actors. According to the 2018 Verizon Data Breach Investigation Report 28% of data breaches were involving internal actors (2018 Verizon Data Breach Investigation Report)

According to the Verizon report, three out of the top-5 action varieties in breaches includes the use of stolen credentials (22%), information acquired through social phishing (17%) and the downright abuse of privileges (11%). Whether the actions of internal actors are intentional or accidental is an interesting question, but nevertheless, the insider threat is considerable, and the result is the same. Data is compromised putting the company at risk.

Handling data while at the same time ensuring the protection of privacy, is a crucial ingredient for success in today’s business environment. Question is how we acknowledge these facts and minimize internal breaches, without increasing distrust and monitoring of our employees’ every move? 

1 of 3 employees will sell company information if the price is right

A 2015 survey from Clearswift (Research by Loudhouse for Clearswift, 2015) revealed that 35% of employees were willing to sell company data for the right price. Again: one out of three. To put this information into perspective, the US-based Center for Strategic and International Studies estimates the global annual cost of cybercrime to be upwards of $600 billion (CSIS, Economic Impact of Cybercrime: No slowing down, 2018, p. 6)

Of course, organizations have legal measures to safeguard that employees act ethically, but business processes are most often based on trust of confidentiality, and consequently, without adequate monitoring, internal breaches frequently go undetected.

Internally aided breaches are often caused by employees with easy access to critical company data. Companies usually don’t have sufficient measures implemented to ensure restricted access. In fact, the Verizon Data Breach Investigation Report assess that 26% of the internal actors in breaches are system administrators.

So how can you achieve a balance between providing your employees freedom to operate, while still monitoring and detecting suspicious behavior?

Cybersecurity awareness is key

Even though one of four data breaches involve internal actors, many of those are not a result of greed or any other intentional action, but rather employees’ ignorance of the implications of certain actions. We may all know the famous example of the U.S. Department of Homeland Security, who back in 2011 planted USB sticks with their own company logo in the parking lot outside their office. Shockingly, they found that 90% of the USB sticks were picked up by employees and plugged into computers. 

This illustrates the fact that internal data breaches are often not a result of greed, but rather ignorance or unawareness of proper cybersecurity best practices.

How can we make employees think twice before picking up the USB drive and checking the content without hesitation? Opens an e-mail and click on a phony link or reveal logon credentials to someone call from IT support, even though they don’t know the guy? It is important that companies have internal focus on current issues, update operational practices, conduct internal training and implement sufficient data handling and protection policies.

UEBA makes rules based security less critical

By employing a SIEM alongside a UEBA solution and establishing formal measures for operations, companies will be able to setup alarms if e.g. blueprints, strategic roadmaps or new product descriptions are accessed or transferred electronically – thus, providing organizations with the ability to identify and address potential vulnerabilities and anomalies within their IT environment. 

It is crucial for companies to start acknowledging the importance of internal breaches and establish measures for responding to the challenge. Often it is small errors leading to increased vulnerability. With LogPoint UEBA, you can easily detect both suspicious user behavior as well as other entities such as cloud, mobile or on-premise applications, endpoints, networks and external threats – out of the box.

By leveraging machine learning and big-data analytics capabilities, built on LogPoint’s unique one taxonomy, our UEBA solution builds baselines for every entity in the network and actions are then evaluated against these baselines. By this, it becomes less critical to define the right rules, saving precious time for your cybersecurity analysts. Our UEBA module will provide unparalleled time-to-value for your business, along with vastly cutting investigation time by your security team.

Needless to say, you didn’t have coffee with a hacker this morning. But you could have had coffee with someone that unintentionally aided external actors to compromise your corporate network.

Resource: LogPoint UEBA to the rescue
Author: LogPoint collaborators