Four ways to thwart insider threats

      Comments Off on Four ways to thwart insider threats

The World Wide Web is replete with news stories and analyst reports of data leakage and theft ostensibly by ‘trusted’ employees leading to irreparable loss of brand trust and the inevitable lawsuit and resultant fines.

According to a study conducted by Veriato, 59% of employees, voluntarily or involuntarily, say they take sensitive data with them when leaving an organization. This figure is up nearly 10% from two years ago. It doesn’t require a Sherlock Holmes to decipher that the number of incidents are growing. For those cases where data is taken involuntarily, employees aren’t even aware they’re potentially damaging the company they’re leaving.

Verizon, in its 2016 report , further qualifies this serious issue. As per its study, only 14% of users in organizations involved in incidents were in high positions within organizations or had greater access privileges. The point I drove home was: Don’t focus on job titles, but on the level of access. Anybody can be a potential threat, voluntarily or otherwise. Here are four ways to tackle insider threats:

1. Know what data is leaving SAP

Classify documents when creating them and log all export activity. Audit logging and classification functionality are essential for the identification of SAP transactions that result in the export of data from your system.

To thwart insiders leaking data, the ability to log these export related transactions, classify or ‘tag’ data for sensitivity and add RMS protection at the point of creation is invaluable.

To stop malicious insiders, audit and classification functionality gives you the ability to see, track and report on what data is being exported and by whom.

2. Enable checks to alert on suspicious download behavior

You can leverage your SAP system and applications to handle alerts and notifications. Take advantage of this core functionality.

One of the most common methods, among SAP users is to use the Access Control component of SAP GRC to receive and process alerts. For example, generate alerts in real-time to GRC (through an add-on component) and automatically email stakeholders separately in the event of export of sensitive data.

3. Block exports to prevent malicious leaks

Traditional data loss prevention solutions do not have full contextual awareness and cannot make most accurate automated decisions on what should and what should not be allowed to leave the corporate network.

The application of a unique context aware technology based application in an SAP native DLP environment improves security decisions, as they are made by analyzing the who, what, where, when and why of sensitive data in an enterprise. By being aware of what sensitive data resides within different SAP applications, which application it came from (HR, FI, etc.), which authorizations and permissions relate to it, the third-party application should make intelligent security decisions regarding which policies to apply to sensitive data exiting SAP.

4. Use and enterprise DRM to protect exported data perpetually

Digital Rights Management technology is most popularly associated with entertainment and educational content such as e-books and other copyrighted digital media. DRM places restrictions on copying and viewing this information. Why shouldn’t you use this technology for your data exports?

Summary

Companies need to shift their focus towards insider threats in 2018. Outsider threats, while still an important consideration in cyber security, account for only 40% of malicious attacks on your system while 60% potentially come from trusted insiders.

The need for an audit and classification process coupled with checks and balances to notify stakeholders in the event of a sensitive export; a context DLP solution, and the application of encrypted protection using a DRM to perpetually protect data based on assigned permissions are greater than ever before.