iscover
Michael BovalinoShare this article on:
Powered by
MOMENTUM
MEDIA
Of all the changes that have occurred as a result of the global COVID-19 pandemic, one of the most significant has been the decision taken by many people to switch jobs, Michael Bovalino of LogRhythm writes.
Frustrated by restrictions and the requirement to work from home, workers are handing in their resignation and looking for new opportunities. Rather than being a short-term trend, it’s something that’s likely to continue for some time.
While the trend has significant implications from an HR perspective, it’s also causing challenges when it comes to IT security. Organisations need to be sure that staff who are leaving are not taking sensitive data with them.
Managing insider risk
To achieve this goal, organisations need to have in place tools that can monitor the movement of data and whether it is being accessed by people without the authority to do so.
First is a cloud access security broker (CASB) which sits between cloud platforms and the users who are accessing them. It can continuously monitor data movement and flag any incidents that appear to be unauthorised or unusual.
The second tool is data loss prevention (DLP) software. DLP detects potential data breaches and exfiltration transmissions and prevents them from being completed. It can ensure that users cannot send sensitive or critical information outside a corporate network.
Enterprises can also review profiling and deviations from normal behaviour leveraging user and entity-based analytics (UEBA) tools. These tools make use of the rapid advances being made in artificial intelligence and machine learning to assist security teams in overcoming the challenge.
The most effective need to be able to detect and respond to three key things: insider threats before fraud is perpetrated, compromised accounts before more systems are taken over, and privileged account abuse before sensitive data is accessed or operations are affected.
All these tools should be used in conjunction with a defined corporate governance framework. This should incorporate staff training to ensure that everyone understands the rules around proper use of company resources and data.
The framework should also establish acceptable procedures for data use and movement as well as an escalation process that is followed should misuse be identified. As well as the IT team, this will involve senior managers, HR, and legal teams.
The evolution of protection
During the past decade, the challenge of protecting data from insider threats has evolved. Where initially attention was focused on protecting in-house resources, it has now shifted to include data stored on a range of cloud platforms and endpoints.
This has changed the game for security teams. Rather than focusing on establishing a secure perimeter within which data is protected, they need to deploy rules and tools that offer protection for data regardless of its location.
The security challenge is increased further because unauthorised data usage is not always caused by malicious parties. Often, staff can unintentionally misuse data by sharing files externally or leaving them stored on an unprotected device.
Some threats are also caused by departing staff who may be looking to achieve a personal gain. This could be by sharing sensitive data with a new employer or offering it to a third party for financial compensation.
For this reason, continuous and comprehensive monitoring of data movement is needed. Such monitoring is vital if the risks posed by staff movement are to be eliminated.
Improving insider risk management
An effective insider risk management strategy needs to comprise four distinct stages. Together, the phases can reduce the likelihood that sensitive data will be exposed outside an organisation. The stages are:
By taking these steps, organisations can be in a much better position to withstand the security challenges posed by the “great resignation”. While staff changes are likely to continue for the foreseeable future, data security can be maintained.
Michael Bovalino is the ANZ country manager of LogRhythm.
Be the first to hear the latest developments in the cyber industry.
