By Professor Mark Rodbert, CEO of idax
The seemingly never-ending series of data breaches over the last year has pushed cyber security ever higher on the agenda of organisations across the FTSE 500 and beyond. Traditionally, IT security has been the sole responsibility of IT departments. The growing dependence on technology and the digitalisation of banking, however, have increased risk and therefore the importance of security.
Since 2005, there have been over 5,810 major data breaches (over 32,000 records), totalling over 850 million records, according to the Identity Theft Resource Centre. The typical business response has been to build ever higher walls around data. Greater protection is necessary, but this approach alone fails to recognise the potential existence of spies inside the walls, or the impact of a sleeping sentry.
The fact is, insider breaches are far more common than you would imagine. Research from PwC and the Department for Business Innovation and Skills found that 58 percent of large organisations suffered staff-related security breaches in 2014, compared to 24 percent that detected outsiders penetrating their networks. Regular financial audits are a key part of the business calendar to ensure money is kept track of, but in an age where data can just as easily be removed illegally by staff, it should be audited too. Key to auditing in cyber are introducing access management, carrying out regular reviews and ensuring staff share data safely and appropriately.
Understanding where data is being held and, critically, who can access it is essential to maintaining security. Statements last summer from ex-Ashley Madison CEO Noel Biderman revealed that their 37,000 record breach was the result of a contractor with too much privilege going rogue.
Managing access as part of regular cyber audits can help to implement the principle of least privilege, ensuring no single individual can see any more data than is absolutely necessary to complete their day-to-day role. The benefit of this is that if an individual does decide to steal information, there will be a limit on what they can take, so any damage will be much less significant. Regular audits of information can also help to identify much faster what data has been breached. With the knowledge of precisely what data a specific person has access to, managers will be able to spot the insiders who have committed malpractice in just a few clicks.
Implementing access management as part of regular audits isn’t particularly complicated either: with the right technology, data analysis can be automated, access rules evaluated and risks identified quickly.
A key part of auditing data and ensuring access management achieves its desired aims is a regular review process. If someone moves job, their access needs to be altered, and if someone can see something they shouldn’t, this must be quickly flagged. Traditionally the process has been a laborious one, involving a manager auditing thousands of pieces of information manually to determine who should and shouldn’t be able to see specific files and datasets. The time-consuming nature of the approach has meant that, more often than not, issues are missed or the process isn’t completed.
Taking an analytics approach to auditing in cyber, using the data you’re trying to protect to inform the review process, is a very efficient way to manage risk, and is actually very easy. Analytics tools can identify areas where an individual might have too much access and send only these risky entitlements to a manager to manually examine.
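One way such an analytics pass could work, shown as an added example that is not idax's product or code from this article: compare each person's entitlements with those of peers in the same role and queue only the unusual ones for a manager. The peer grouping by role, both thresholds and all sample records are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample data: (user, role, entitlements). Not from any real system.
ACCESS = [
    ("alice", "finance",   {"ledger:read", "ledger:write", "payroll:read"}),
    ("bob",   "finance",   {"ledger:read", "ledger:write"}),
    ("carol", "finance",   {"ledger:read", "ledger:write", "payroll:read"}),
    ("dave",  "marketing", {"crm:read", "campaigns:write"}),
    ("erin",  "marketing", {"crm:read", "campaigns:write"}),
    ("frank", "marketing", {"crm:read", "campaigns:write"}),
    # Moved from finance to marketing; the old access was never removed.
    ("grace", "marketing", {"crm:read", "campaigns:write",
                            "ledger:write", "payroll:read"}),
    ("heidi", "contractor", {"crm:read", "customer_db:export"}),
]

MIN_PEERS = 3      # assumed: smaller groups give no usable baseline
RARE_SHARE = 0.5   # assumed: flag access held by fewer than half of peers


def review_queue(access, min_peers=MIN_PEERS, rare_share=RARE_SHARE):
    """Return sorted (user, entitlement, reason) rows needing a manager's decision."""
    groups = defaultdict(list)
    for user, role, ents in access:
        groups[role].append((user, ents))

    queue = []
    for role, members in groups.items():
        if len(members) < min_peers:
            # No baseline to compare against: review everything by hand.
            for user, ents in members:
                queue += [(user, e, "no peer baseline") for e in sorted(ents)]
            continue
        held = Counter(e for _, ents in members for e in ents)
        for user, ents in members:
            for e in sorted(ents):
                share = held[e] / len(members)
                if share < rare_share:
                    queue.append((user, e, f"held by {share:.0%} of {role}"))
    return sorted(queue)


if __name__ == "__main__":
    total = sum(len(ents) for _, _, ents in ACCESS)
    rows = review_queue(ACCESS)
    for row in rows:
        print(*row, sep="\t")
    print(f"{len(rows)} of {total} entitlements need manual review")
```

Entitlements that most peers share pass without review, while the access left over from a job move and the lone contractor with no comparison group both reach the manager.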
Auditing data by employing access management and review processes will help organisations to take control and reduce the greatest threat to the enterprise: insiders. We’ve found this can be further supported by discouraging malpractice, highlighting the consequences of a data breach and introducing clear company-wide policies and rules, such as outlawing the use of personal file servers and email accounts.
Following ten years that have seen over 5,000 data breaches, the majority of which were caused by insiders, organisations need to examine their internal policies quickly and keep better track of information. Ultimately, security breaches will happen, but regular auditing in cyber can help to limit their impact. By managing access and introducing a regular review process, the principle of least privilege will be maintained, which in turn will reduce the ability of cybercriminals to commit the damaging criminal acts so many organisations have struggled to combat in recent years.