Sr. Security Analyst
Apr 22, 2016
The infamous Panama Papers, also known as Mossack Fonseca breach, is by far one of the largest data breaches on record with over 11 million documents released without authorization. While the law firm’s ethical behavior remains a critical question, the poor security and data integrity practices revealed within Mossack Fonseca & Co. exposed one of the largest tax evasion scams known. While the seismic scale of incidents like these is comparatively rare, the circumstances of the breach which caused it are not. According to the 2015 Vormetric Insider Threat Report, only 11% of employees feel their organizations are secure from insider threats and 93% of them advocate advancement of their security systems to curb insider threats.
In today’s world of fast-evolving technologies, the comprehensive responsibility for organizations to safeguard critical information systems from cyber-attacks has proven to be a complex and exacting task. In the USA alone 1 in 5 organizations reported they experienced a data breach in the last 12 months. To assure seamless security, organizations must not only be properly vigilant to protect their systems from outside attacks, but from insider threats too. Employees, contractors, and other insiders, could pose a substantial threat to organizations by virtue of their knowledge of and access to their employer’s systems, as well as their ability to bypass existing physical and electronic security measures through legitimate means. Because of a reluctance to divulge confidential sensitivities, efforts to estimate how often companies actually experience attacks from within are difficult to make. Just as Mossack Fonseca still maintains that the leak did not come from one of its employees. It is also believed that insider attacks to organizations are often under-reported to law enforcement agencies.
A survey conducted by the CERT Division at Carnegie Mellon University states that 40% of organizations experienced a data breach or failed a compliance audit. The survey was based only on the number of organizations reporting failed data breach audit procedures. In reality, however, the percentage of actual data breaches is much higher. Organizations sometimes do not report a cyber-attack, fearing negative publicity or increased liability that may arise as a result of these incidents.
Based on the analysis performed by the CERT Division, most incidents reported, especially in the financial and banking sector, required minimal technical skills to carry out and were perpetrated by non-technical personnel with little computer knowledge or training. This suggests it is critical for organizations to secure their networks from the full range of their users – from individuals responsible for data entry, to management, to system administrators, and more. Organizations’ options and capabilities to contain this problem will remain severely limited in addressing insider threats if a narrow focus on data persists. However, concrete and proven solutions exist for organizations, if leadership views the challenges broadly and recognizes insider threat is fundamentally a user behavior issue.
An improved approach to the problem involves monitoring user activities rather than employing the blunt force rules of limiting or rejecting an action. A close examination of user behavior will spot trends so an analyst can cut through a cacophony of alerts, precisely determine the situation, and immediately take targeted and effective action to stop an insider threat. User Behavior Analytics (UBA) provides the ability to scale data science and employs next-generation machine learning to address this challenge. Read more about UBA: http://gurucul.com/solutions/user-entity-behavior-analytics-ueba.