CTO Insights: Categorizing Data to Fight Insider Attacks
There is no “I” in “team,” but there are a couple in “insider”. And where inside jobs are concerned, it usually takes two parties to pull it off. Thieves profit from having embedded insiders that can gather intelligence or sabotage their targets before they attack. The tech industry has its own version of this as well.
Inside jobs in the infosec industry are better known as insider threats. These threats are made up of individuals or groups inside a company or organization—which can include one of your employees, business associates, contractors, or partners—who contribute or deliberately try to breach the company network to steal or sabotage information.
Given as they are already inside the company, they have the advantage of being familiar with the network setup, having login credentials, having access to customer information, and finding ways to keep their position in the company without getting caught. Countless companies have suffered financial and competitive losses because of insider threats.
[Read: Why Do People Become Insider Threats?]
One problem with insider threats is how it is not just a small time operation that rarely happens. It happens all the time, and sometimes, it's not just at the target company's expense. Its customers can be affected as well. The Amtrak passenger rail breach revealed how an employee had been selling passenger data for two decades. Hundreds of thousands of clients’ information were exposed online when cybercriminals stole data that former Morgan Stanley financial adviser Galen Marsh copied from his computer. Meanwhile, forty percent of the population of South Korea was put at risk when a computer contractor stole 27 million records from the Korea Credit Bureau.
[Read: What Happened During the Morgan Stanley Breach?]
Insider threats can be motivated by money, ideology, coercion, and ego, which are human flaws. As such, would it even be possible to answer these concerns using digital means?
“It is difficult, if not impossible, to protect everything,” says Trend Micro Chief Technology Officer Raimund Genes, adding, “ Even more important than how to protect data is deciding what data to protect. What you need to decide is: what matters most to your organization and needs to be protected?”
Categorizing data can be effective against insider attacks as sensitive information can be limited to a select group of people. This may serve as the initial gatekeeper in the fight against insider threats and attackers as a whole.
These categories may sound simple, however, classifying data under these categories can still be challenging. For one, sensitive data varies depending on the organization. What one company may see as sensitive data may not be the case for another company. As such, this task require the keen eye of IT admins and executives as it helps determine critical data, and who has access to it.
Watch the latest CTO insights video to find out more on how to defend your organization against insider attacks.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases