Did you know that one of the top nine attack types consistently covered in Verizon’s Data Breach Report are insider threats and privileged misuse? According to this year’s report, 66% of insiders steal information in hopes of selling it for cash, 17% are just unsanctioned snooping and 15% are taking it in order to take the information to a new employer.
What is the root cause of all of these problems? Access.
Everything starts with what access you give to people in your organization. While regulations are continuously being put in place to try and keep up, they can’t compete with the changing nature of access. The regulations are expanding daily –but so are the number of accounts, applications, devices and people. To add to the issue, more of the workforce is mobile now so where you once only had to worry about information being shared over hard lines or within your office network, you now have the ability, and challenge, of monitoring the world.
Access, or more pointedly incorrect access, leads to insider misuse and a major threat to your organization. How can you stop this problem? Automation.
Look at the number of employees, applications, devices, etc. in your organization. Every time that you have a new hire come on board you have to sit down and make sure they are signed up for just the right amount of access and anytime someone leaves or makes a move to another department you have to do it all again. This is a nightmare for managers everywhere and leads to the incorrect rubber stamping that we see so often leading to privileged access misuse.
With automation, you can quickly take care of this problem and I’ll show you how:
1. Automatic Provisioning – Every sales team member we have needs access to outlook and our CRM. Every marketing member needs access to our marketing automation tool. If we know that these certain applications are going to be approved every time, why don’t we set a rule for that role and automatically provision access to it. If, for some reason, that person needs access to anything outside of the previously specified options then, and only then, would a request get sent to your manager for approval. Not only does this cut down on the time that the manager spends in approving requests, it is also more likely that they will pay attention because they realize this is an exception.
2. Automated Micro-Certifications – Almost every industry is required to have a yearly compliance audit. And that’s great. However, while the audit tells you how you are doing for that one point in time, it doesn’t tell you what happens the next time anyone needs provisioning. Audits don’t remediate things and even when you’ve been labeled compliant, there is still time between any new provisioning and your next audit when you can be breached. With continuous automated data collection, you can watch for these new access assignments which can trigger a micro-certification if something looks wrong. This way, your managers will still only see things that deserve action and it can help you remain compliant all year rather than frantically searching for all approvals just in time for the audit.
3. Automated Alerts – I’ve already mentioned twice how an automated system can alert you to issues in a network. The greatest part of this, however, is that the solution is set up according to your company’s needs. You have the ability to input your organization’s policies and procedures and set just what constitutes segregation of duties violations, privileged account access or what activity patterns lead to a breach. This way, the alerts you receive are specific and relative to your operation rather than generic and, possibly, false.
Insider threats and privileged misuse weren’t just in the top nine attack types this year, they have consistently been there for the past several years. This isn’t an issue that is going to go away because, as we said before, everything begins with access. In order to make this access more than a rubber stamping exercise and to truly see what is going on in your organization, you need to automate.