Connect with us
Finance Digest is a leading online platform for finance and business news, providing insights on banking, finance, technology, investing,trading, insurance, fintech, and more. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

TECHNOLOGY

AUDITING IN CYBER: HOW ORGANISATIONS CAN KEEP TRACK OF THEIR DATA

Published On :

By Professor Mark Rodbert, CEO of idax

The seemingly never-ending series of data breaches of the last year have pushed cyber security ever higher onto the agenda of organisations across the FTSE 500 and beyond. Traditionally, IT security has been the sole responsibility of IT departments. The growth in dependence on technology, however, and the digitalisation of banking has increased risk and therefore the importance of security.

Since 2005, there have been over 5,810 major data breaches (over 32,000 records), totalling over 850 million records, according to the Identity Theft Resource Centre. The typical business response has been to build ever higher walls around data. Greater protection is necessary, but this approach alone fails to recognise the potential existence of spies inside the walls, or the impact of a sleeping sentry.

The fact is, insider breaches are far more common than you would imagine. Research from PWC along with the Department for Business Innovation and Skills found 58 percent of large organisations suffered staff related security breaches in 2014, compared to 24 percent detecting outsiders penetrating their networks. Regular financial audits are a key part of the business calendar to ensure money is kept track of, but in an age where data can just as easily be removed illegally by staff, it should be audited too. Key to auditing in cyber is introducing access management, regular reviews and ensuring staff share data safely and appropriately.

Access Management

Understanding where data is being held and critically who can access it is essential to maintaining security. Statements from ex Ashley Madison CEO Noel Biderman last summer, revealed that their 37,000 record breach was the result of a contractor with too much privilege, going rogue.

Managing access as part of regular cyber audits can help to implement the principle of least privilege, ensuring no single individual can see any more data than totally necessary to complete their day to day role. The benefit of this is that if an individual does decide to steal information, there will be a limit on what they can take, so any damage will be much less significant. Regular audits of information can also help to identify what data has been breached a lot faster. With the knowledge of precisely what data a specific person has access to, managers will be able to spot the insiders who have committed malpractice in just a few clicks.

Implementing access management as part of regular audits actually isn’t particularly complicated either, with the right technology, data analysis can be automated, access rules evaluated and risks identified quickly.

Reviews

A key part of auditing data and ensuring access management achieves its desired aims is regular review processes. If someone moves job, their access needs to be altered, and if someone can see something they shouldn’t this must be quickly flagged. Traditionally the process has been a laborious one, involving a manager auditing thousands of pieces of information manually to deter who should and shouldn’t be able to see specific files and datasets. The time consuming nature of the approach has meant that more often than not, issues are missed or the process isn’t completed.

Taking an analytics approach to auditing in cyber, using the data you’re trying to protect to inform the review process is a very efficient way to manage risk, and is actually very easy. Analytics tools can identify areas where an individual might have too much access and send only these risky entitlements to a manager to manually examine.

Auditing data by employing access management and review processes will help organisations to take control and reduce the greatest threat to the enterprise, insiders. We’ve found this can be further supported by discouraging malpractice, highlighting the consequences of a data breach and introducing clear company-wide policies and rules, such as outlawing the use of personal file servers and email accounts.

Following ten years that have seen over 5,000 data breaches, the majority of which were caused by insiders, organisations need to fast examine their internal policies and keep better track of information. Ultimately, security breaches will happen, but regular auditing in cyber can help to limit their impact. By managing access and introducing a regular review process, the principle of least privilege will be maintained, which in turn will reduce the ability of cybercriminals to commit the damaging criminal acts so many organisations have struggled to combat in recent years.

Continue Reading

Why pay for news and opinions when you can get them for free?

       Subscribe for free now!


By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Posts