Danger within: Defending cloud environments against insider threats
According to a recent study by Crowd Research Partners, over 90% of organisations feel vulnerable to insider attacks. This should come as no surprise. Cloud adoption and bring your own device (BYOD) policies have greatly improved businesses’ agility, but have also made sensitive business data much more readily accessible, presenting a significant IT security challenge. This is clearly demonstrated in the recent incidents involving BUPA, Morrisons and the CIA.
Of those questioned by Crowd Research Partners, 53% confirmed that they had experienced an insider attack in the last twelve months; additionally, 27% said that insider attacks have become more commonplace. Both statistics are indicative of the growing threat that insiders pose to data security. Unfortunately, in cloud-based IT environments, organisations often struggle to detect anomalous or careless employee behaviours. As such, many must revise their approaches to data protection. However, before deploying a new security solution, it is important to understand four of the most common insider threats faced by businesses today.
The rogue employee
Often described as malicious insiders, rogue employees are individuals that intentionally set out to steal company data; this may be done out of a desire for vengeance, profit, or even a competitor’s benefit. A high profile example can be found with the 2015 case of a Mercedes engineer that stole highly sensitive data in order to give it to his new employer, Ferrari.
Unfortunately, insiders with malicious intent have an upper hand when it comes to data theft – they have legitimate credentials that will bypass the majority of their organisations’ security features. If such an individual holds a senior or administrative role, she or he may even have unfettered access to an organisation’s most sensitive data
The third-party employee
Third parties are frequently overlooked when organisations are planning their security strategies. These insiders often act as fully integrated members of an organisation, even when working from distant locations. Some may also have in-depth familiarity with internal processes and controls, making them just as knowledgeable about security procedures as an internal employee.
The hacked account
Compromised credentials are a significant danger for the enterprise. With usernames and passwords in hand, outside parties can enter corporate networks through legitimate means and evade security systems. An example of this can be found with the global accountancy firm Deloitte. Recently, hackers compromised the organisation’s global email server using a stolen admin account, granting them unfettered access throughout the entire system for months before their activities were discovered.
As this example shows, breaches involving credential compromise can take a great deal of time to identify and remediate. From an IT perspective, it can appear as though account hijackers are simply regular users going about their normal job duties, making it difficult to detect credential compromise.
The careless worker
While disgruntled workers clearly pose a serious threat to organisational security, a less obvious threat rests with happy, but careless employees. These individuals may inadvertently compromise security by using unsecured public Wi-Fi, losing organisational credentials, clicking on suspicious email links, sharing sensitive information with unauthorised parties, or being followed into the office through an access-controlled door. Each of these mishaps offers criminals an opportunity to breach the enterprise.
What can organisations do?
The unpredictable nature of insider threats means that a proactive, multi-faceted solution is the best form of defence. Below are four different approaches to security which, when combined, create robust protections around cloud-based environments.
Automation: Reactive tools that rely upon humans to manually analyse threats are incapable of protecting data in the high-speed era of the cloud. As such, automated security solutions are vital for businesses today. These kinds of tools employ machine learning so that they can identify malicious or suspicious behaviours as they take place; for example, when a user suddenly downloads an unusually large amount of data or accesses sensitive information outside of normal working hours. These tools use an analytical, real-time approach in order to uncover threatening behaviour and take corrective actions as needed.
Identity and access management (IAM): To defend against insider threats, it is imperative that organisations verify users’ identities and grant data access to appropriate parties only. Relying upon basic passwords is no longer an adequate strategy for protecting corporate information. Instead, companies need to leverage multi-factor authentication (MFA) and require a second form of verification – like an SMS token sent via email or text message. Other helpful capabilities include contextual access control, which governs data access by factors like job function and geographic location, as well as session management, which automatically logs inactive users out of corporate applications in order to prevent account hijacking.
Data loss prevention (DLP): Cloud DLP is a dynamic tool that securely enables employees to work wherever they want and whenever they want – from the devices of their choosing. A typical cloud DLP offering should include watermarking (tracking), file encryption, redaction, and other features that help ensure that sensitive data never gets into the wrong hands.
Training: While technology can be a powerful way to improve data security, another effective tool is far simpler. Regular employee training s can raise awareness of security best practices and help keep data protection top of mind for workers. By consistently discussing the importance of security and the consequences of failing to uphold security protocols, the threats of data theft and data leakage can be minimised.
The growing adoption of cloud has greatly improved the agility of many modern businesses. However, it has also given rise to new security concerns – like the insider threats detailed above. Fortunately, by understanding modern threats and deploying appropriate security solutions, many of these risks can be mitigated and even eliminated. In this way, organisations around the world can confidently step into future and secure their use of the cloud.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.
- » Four ways to migrate to the cloud without missing a beat: A guide
- » Lacework secures $42 million in funding round to forge ahead with ‘Snowflake for security’ plan
- » Putting data security at the heart of digital transformation – from culture to code
- » Why embracing the cloud means preparing for problems you can't control
- » How does privileged access security work on AWS and other public clouds?