Insider threats: find and neutralize

9 September 2015

Reports about security incidents have become as common as weather forecasts. At the same time, there is a clear trend: the number of incidents involving employees is constantly growing. Insiders can cause much more serious damage than intruders outside a company can, because they have many more opportunities to gain access to confidential data. When sensitive information leaks to third parties, the effects include financial losses, up to the loss of intellectual property and of the business itself, reputational harm and loss of customer confidence. The growing popularity of social media also contributes much to security incidents: it gives criminals many opportunities to find insiders and use them to access critical data, not to mention that an employee may simply post confidential information on their Twitter or Facebook account.

At the same time, according to the annual Verizon 2015 Data Breach Investigations Report, the reason for 55% of incidents was so-called privilege abuse, where the main source of information leakage was employees in whom a company had placed trust and who were given access to important corporate data with the expectation that the data would be used for the intended purpose only. Unfortunately, insiders who are not controlled by the security systems deployed in the corporate network tend to abuse the trust placed in them. Such employees have become the most cited perpetrators of cybercrime. Insider threats are more damaging and costly than incidents committed by outsiders. Yet many companies do not pay enough attention to the problem, do not have the necessary security policies and tools to control privileged insiders, and are therefore not prepared to prevent, detect and manage incidents caused by them.

In fact, the practice of not monitoring the activities of trusted employees with security software (unlike the activities of their colleagues) leads to incidents in which these employees sell confidential data to competitors, use it for their own interests, or, at the end of the day, harm the organization unwittingly by sending sensitive information to the wrong email address.

The problem also lies in the fact that most modern conventional DLP software products are configured so that they do not actually analyze the activities, content and recipients of information transferred by employees who are trusted by their company. Software for information security and protection against internal threats, such as Falcongaze SecureTower, solves this problem, hitting right in the bull's eye.

SecureTower captures and analyzes network traffic, including e-mails with attachments, conversations and calls in IM, posts in social media, uploads to and downloads from cloud storage, documents sent to USB devices and much more. All intercepted traffic and user activity data (records of user working time, the exact time spent by users on each website, application launches and the time of their active use, and other indications of job contribution) are saved to a database, which makes it possible to investigate any incident retrospectively. As a comprehensive information security system, SecureTower makes it possible to analyze corporate business processes and identify patterns that indicate a violation of the security policy, even if it is committed by an employee whose work with sensitive information is a part of everyday activity.

Using SecureTower helps protect a company from internal threats and gives it confidence in its employees and in the future. After all, the proverb "First try and then trust" fits businesses of every kind best.