Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

12 steps to address insider threat

19,027 views

Published on

How 500 IT Professionals are addressing the Insider Threat.

If you are one of the third of IT professionals expecting to implement an insider threat program in the next year, here is a guide to help ensure that it's set for the future of internal security.

The lessons from recent high profile security breaches underline how IT professionals are looking to take a joined-up approach of better user education and technology solutions across the whole enterprise.

Technology is available that helps secure access to company resources, protect from outside attacks, and protect users from their own careless behavior.

We’re also seeing change in the way consumers view companies and their security policies. If the message is not being heard from IT professionals for more responsibility from the board, perhaps the message coming from consumers soon will be.

Looking further ahead, IT professionals know there is no silver bullet. The layered approach is more relevant than ever. Security is still, and will continue to be, built in layers to provide better protection, while there’s agreement that more needs to be done to create national and international standards.

The 12-step guide to help ensure that your Insider Threat Program is set for the future of internal security. All data for this guide is from the IS Decisions’ research report User Security in 2015: The Future of Addressing Insider Threat, a study into the opinions and immediate plans of 500 IT decision makers in regard to tackling the insider threat.

1. Educate users
57% of Insider Threat Programs will include organization-wide security training.

2. Use technology
66% of Insider Threat Programs include software solutions (technology, data and tools).

3. Consider partners and supply chains
66% of I.T. Professionals believe organizations need more secure control over partners and supply chains.

4. Include a post employment process
36% of employees have continued to have access to systems or data from an employer after they have left a job.

5. Consult external sources

6.Stay up to date
91% of organizations believe the I.T. Industry needs to work harder to collaborate and address insider threats.

7. Educate senior management
57% of I.T. Professionals believe their organizations senior management does not take enough responsibility for internal security.

8. Get C-level commitment and buy in
Currently the I.T. Department (80%) takes responsibility for insider threat in nearly twice as many organizations as the C Suite (43%) does.

9. Implement greater user access restrictions and control
Applying stronger user restrictions is cited as the no.1 (top) result for how to address user security.

10. Generate user alerts
53% expect user alerts which are triggered by specific actions to be a key method for I.T. Professionals to grow awareness of security issues.

11. Take a multi-layered approach
75% of I.T. Professionals believe that bio-metrics

  • Be the first to comment

  • Be the first to like this

12 steps to address insider threat

  1. 1. Iii ) STEPSTO . FUTUREPRUDFIRG / / — YUUR IIIITERIIIAI SECURITY If you are one of the third of IT professionals expecting to implement insider threat programmes in the next year, here's a guide to ensuring that it's set for the future of internal security. EAURAIEUSERS ‘I‘nIl--«om= I L‘i«O)bVfl01!l~‘. , E-mi IE1: Eoxawii ’, o1i= .1-r= I ”(0>~‘i'l= .lIi In»--rm‘ lnieltoiksnr i’nIi= r=_ir 1:. In = loT| I.lII= .iiI'I1gI l. li(= ll-‘I bxsiiiut mm: »1 III nmra lllnioxvniikvze 4:1‘ u: .Lo, ‘nnLo, ‘I ‘uVr. v 3, = .Iewvm= III = .l~‘I I31: lLo, ‘l‘nii i= lIlililIlIoLg)V/ 'lO~g]Ie1VAVf‘= ,lVAVl= .li= lIl= I-1:. II UAEUEIUNUIURI __, ~"”” ‘lira nr: j1c1il§v/ oiI"'Il 'plIeif= L‘L1IolIl= .lli' ‘uvflll fox-. -I r, ’ s]'_ox= I'nrojIIn; gI nun: OIII : r=mI, |II‘§v/ ’(= xIl‘nIl1o1keg'y/ », (oil ‘I I = Ik= Inr= mi ‘I lm I’-rs m= r=. |I I-. Iim= I uvllim ‘(= rcI‘rI| nro1toLo,1yI' “(oral-I bx= flILO, ‘I ‘ ‘nioxsli are eII'= .IlV/ lnieI‘lo. t=: I i‘m= r:_It 911-3 g M‘ II IIUIIISIIJER PARTIIIERS T SSUPPIY CHAIIIIS I When we say ‘users’, we do notjust mean immediate , 5; employees. Anyone who has access to your network I has to be subject to the same process and restrictions, ‘I ' ‘Al or there is little point in having them in place. V . ,’ IIIIIIIUIIE A PUST —— EIIAPLUYIIAEIIIT PRUCESS I . This is the least common element of IT professionals insider threat programmes, yet it is so important and so simple. Ensure that a process is in place that ensures ex-employees can no longer access the organisation's systems or data as soon as they have ceased employment. UI3% OF EMPLOYEES HAVE CONTINUED ‘ TO HAVE ACCESS TO SYSTEMS OR ‘ DATA FROM AN EMPLOYER AFTER I THEY HAVE LEFTAJOB RUNRUIIEXIERI I VAVl= r-oil! -‘Infii -1=l= v=. I loii IiT“dIl'IL1=I'Il~1U. l-‘»-= .IL AIIHHHIfWI fl i"VAVl'IlIIl'nho. '(o1l. II'l= li'I “(o>-am'nL1=nl‘i IIII J ' I} lnI’(= II‘nr= .II . ~r= uII. |l1§v; , = .| 911:1-1I. |‘n'n= .l{o)| v/*y; o r-silo-ex»)nu: -«oi? IhI’[e. .=l| I=r: xdLv~gIv1=nI I ? _ . I_ , V[Oll. Il= -‘ 'i= l=. lCITI'lL0,'l ‘ihlb. .I= I’, oxoxiiI‘CIo)Iii. ,1uI:1i ’: =.| K(= .-oxurnrvm-mil I‘nio1IILo, |‘ny-= .IIr: .lu-i's: ., It ' I nr= roi| !=_; o1(g‘| =_| IIL1=. iIto1'n1=. .IIk(= -CEIEII “nr= I|; or-, v;o1u, I‘iongranIrain»-omtsraiiivzs-*vA'l= mvro)f ‘niomvi "(O>~'iiI! [Iiil. Il= ",Vl0l! Ii 1:1»-llo: t=II i‘m= r=. ii pxromnlnnlnira STAY UP TU DATE 7 Don't read up once and forget either. J The technologies and thinking invol- ved in combatting insider threat are evolving as quickly as the threat is itself, so it is imperative to stay informed. Your insider threat programme can evolve along with what you learn too. 9 WOR Ts K HARDER TO COLLABORATE AND ADDRESS INSIDER THPEA , U 0 _I OF ORGANIZATIONS BELIEVE THE | .T. INDUSTRY NEEDS TO ‘ "' E 57% OF | .T. PROFESSIONALS BELIEVE THEIR ORGANISATIONS SENIOR MANAGEMENT DOES NOT TAKE ENOUGH RESPONSIBILITY FOR INTERNAL SECURITY IIIIIIIIIIIII AI IIIIIIMIII g —. nmsii oxe1=. IhIL-nlilomr. «annex: nmlnrrgra , VAV! a turomvi ‘I‘n: .1I In. 'l'IK= I nii ; -r= .v/ -=rnr u‘| ’nI. =.iilir= In1‘il-hi ‘(or<i‘n1-a-I-1-1IIr= »-o1f‘lnl“(= I'm= II f E I srsruulilivi mhlkra ‘iixelni = _I ', omom§v/ III I. H=II = roj| IIr¢e. IiIox‘nI :1 oil A T I . ,, I Inxvrolkvrs ‘I‘nr= mI lm lni| ;o1l=1m= niiI'nu‘I = .mo: l = l'Ii? olldII[gI praxnqu I — —| IE I. , _ I | u II I. E, I I I I - . I - I ‘I T I _ — ~ 5 I I‘ I I‘ I I I I . l (‘V , .- ” 7?" . I T I 1 I J’ I I ojtommi ‘Ihrji nr= r=. m.-. i‘nr= .li i‘ni= - i-m= .II. ‘ nmi mlw U iojkan-1‘I= .I flellll l‘ns~IIcit= II Iilr. -.r= _ii pun; -;| Inlnra I‘nr= ;v/ 'I'IlI. L1i fox: II! lI| v/ ioxoiulgliit lnikm ii = .mojI lnvmlvnrojl III Iii: ', Ol'lo1oK= l-1E. -. I _ . ll Tm p)_: =IA1:lImI, =mII ‘(: m:AI ‘M115: elael. -I ml-1I: lIIIP' = ml-‘llllae. m7‘VLVI' I }! I'I‘IVII~7“I[ : ‘ls‘L‘ . ‘¥‘ Eh‘ -1IlII= EWVAIIIII )1. I] IIIAPLEIIUEIIIT I GREATER USER ACCESS E RESTRIIITIUIIIS 5 IIUIIITRIII On a tactical level, most IT professionals are expecting to be implementing greater user restrictions, and this ‘ _ is an element of tackling insider threat that has both I I practical and educational value. The more restrictions I , ‘ V 'I_ there are the smaller the surface of attack, but restric- tions also serve as a constant reminder for users. APPLYING STRONGER USER RESTRICTIONS IS CITED AS THE TOP RESULT FOR HOW TO ADDRESS USER SECURITY : : ii" GERERATE g USERAIERTS Another way of reminding users of policy is by implementing user alerts, particularly useful when triggered by any kinds of suspicious behaviour so users learn to know what is and what isn‘t good practice. T? ’ If, ~N%I EXPECT USER ALERTS WHICH ARE TRIGGERED BY SPECIFIC ACTIONS TO BE A KEY METHOD FOR | ,T, PROFESSIONALS TO GROW AWARENESS OF SECURITY ISSUES. TAKE A IIIIUITI-IAYERED APPRUACH V” Biometrics, two-factor authentication, physical security keys; all ofthese security approaches have their strengths, but each is more powerful in conjunction with others. Do not consider new technology as a ‘replacement’ to old, instead ifyou’re considering new technologies, take the most effective multi-layered approach. LEVI: 1=mI as : l,: .~iI"viv/ N ILVFIQIEIIIHEJ [OI ACC, $‘L‘ICOl IOIEIAIISPIAIVAI BE TRAIIISPAREIIIT, “II EXTERIIIAIIY 5 IIIITERIIIAIIY A good internal security policy is one that is transparent and properly communicated to all employees. But you should ensure that you com- municate your approach to security externally too. As customers are increasingly going to be scrutinising companies on their security approach, it helps to be able to show them that you have the right attitude to keeping OF l. T. PROFESSIONALS THINK AN ORGANIZATIONS PERCEIVED SECURITY IMPACTS WHICH BUSINESSES CONSUMERS CHOOSE TO BUY FROM. their data safe. {.4 Ai‘(= Ir IE1- ? -xr ’n= _rcIt1|l'nL9I In-It-ik= :I i’m= r=. it vmiil II ; o)rufi= I.1-1to1nr= .II-. ‘ir= .It(IugI 'l= II(= IIii ‘nI'Lo, '|‘n plleiflla sx= rcurIi1§v/ E-1I=2=. iaI‘n1=L~. IACII5 is I, -xmvnn ‘I in» ‘n1uLo,1=~ ‘, V,l= l=. li - Aloflirui gm-. :rcI‘nI elf bxsiiieli uxelr = ro: lI. Kor= .l‘iIonI :1 oil "(= inI‘nI‘nrolto1,o, )v/ -sxolluiilome = _lOl'lO)~1~‘I i| ll= I“VAVl’llO)R= I‘flliifllpllklfl Ii [r= uIL~| Iom. ~. . ‘(o)iiVAVl= .I'l= -0ifl= lli'I oxexalnluaiitolnie 'p)'lOVl= I'II I slflerciikvre iitlllliltllli ion ‘n= II', o> .1=l0l! I'l= =, xor«= rex. -I to» omn]', I!= .l'n1v/ rsuroiulnr-3 ; omi’x= uIi innrm O1I_IL'flIfR= =, ii‘: =.rcIk(-1 = .mojl plIo)"(=1oii ! l~‘(= l'l= ‘I ia)nI I‘n1=III own» ¢= .II= lk= L1:. fcx= I‘nr= .vno1II. I's I&@I.0III MANAGE, CONTROL AND SECURE NETNORK ACCESS FOR ALL AUTHENTICATED USERS, C‘ HTTP: //WWW. USERLOCK. COM -, _.E [III lllfllfl. * SECURE AND REPORT ON ALL ACCESS TO FILES, FOLDERS I "— ‘ AND FILE SHARES THAT RESIDE ON WINDOWS SYSTEMS. I ' ‘ HTTP: //WWW. FILEAUDIT. COM ‘VI {X — _‘. ‘,_~I. ' — '_ ‘V- E“ LIT. "x[. . -_ ’! l'_l_ II T? ’ GI-l0.l2A'l| I!Ii| ’r/ v’A| lI= ¥ I-'I, Ix= x-tutu-I. v.1yA'I «A1Ihfl§lil’III=1-1=| m=1q‘I uxultux-ItemIrdlflllqauiliirslu-iiare[=1I-mitt---illflyicx-IL-1': -1-rmfifl AilliireununIbx= n.-0)? ‘iil[. -dl-xuvum= n|hqomr= -rxoxn-iirsulelbrsr-II-11-: u1n(=1px-uh-Ia-Im= mz1=rqII| iiWlAvglllaa ‘lirasnail! Ias-oiierélilxessilnunlnrellitqi 'liu= r=, i‘-I

×