SafeGuarding Critical Data:
Today’s headlines confirm the potential outcomes of ineffective IT security systems. Companies are suffering serious consequences – from stolen customer data and intellectual property to powerful viruses and other malware. Not only are business operations interrupted, but corporate security failures are leading to damaged business reputations, lost revenues, sizeable costs, and often lost jobs for individuals held accountable. In addition, increasing privacy and security regulation presents a complex challenge for organizations that must secure massive amounts of data, monitor complex applications, and manage large numbers of users.
To manage threats to the enterprise and successfully meet compliance challenges, organizations need a comprehensive security strategy that can successfully do battle with inside as well as outside threats. Today, companies are increasingly leveraging security information management (SIM) solutions to build a clean, concise, and manageable process for dealing with the tremendous volumes of raw security information from disparate devices, applications, and databases. With the right SIM solution, this correlated security data can be transformed into actionable security intelligence, providing a sound risk management platform while helping companies manage and maintain compliance.
“After calculating the expenses of legal fees, call centers, lost employee productivity, regulatory fines, stock plummets, and customer losses, it can be dizzying, if not impossible, to come up with a true number…Although studies may not be able to determine the exact cost of a security breach in your organization, the loss of sensitive data can have a crippling impact on an organization's bottom line.” – Khalid Kark, Senior Analyst, Forrester Research
The Evolution of Threat Management Strategies
In the past, organizations have focused their security efforts on stopping external threats by deploying an array of security solutions, including firewalls, IDSs/IPSs, antivirus software, DoS prevention systems, secure router configurations, and vulnerability scanners. SIM evolved when network managers were becoming overwhelmed with volumes of diverse data generated by these solutions. SIM allows organizations to leverage existing resources to achieve new efficiencies while increasing the security of the enterprise by protecting the network from external threats. Yet despite the huge investment made in these security technologies, data leakage and inappropriate user activity from inside the enterprise have become a more daunting and often more complex challenge, forcing organizations to reconsider their approach to managing risk from the inside.
Now the challenge of risk management and compliance has shifted to protecting customer, patient, and other valuable corporate data and applications at the core – compelling companies to address the explosion of threats that are now originating inside the organization. In fact, according to Gartner analyst Richard Hunter, “more than 70 percent of unauthorized access to information systems is committed by employees, as are more than 95 percent of intrusions that result in significant financial losses.”
The Increasing Problem of Inside Threats
Inside threats are by some accounts the most difficult security threats to resolve. Why? Because identifying the motives of those behind interior threats can present particular challenges to security organizations. Individuals sometimes deliberately try to access proprietary data, while others inadvertently access and even unintentionally distribute sensitive information. Additionally, given the sheer volume of internal data transactions, prioritizing the real threats without an automated solution is virtually impossible. The following shows some of the many types of inside threats plaguing today’s businesses and gives examples of how they are executed.
Malicious Activity – Theft or Destruction of Data
- Identity Theft – An employee accesses and steals information such as a customer’s social security number, birth date, or mother’s maiden name.
- Confidential Data Theft – A user browses database records and copies them onto a USB drive or e-mails them to his personal address.
- Phishing – An attacker creates a valid-looking, but malicious web page to convince users to enter a password or personal data.
- Unauthorized Access – An application developer connects from his desktop using a generic ID. Another user begins a session from an unauthorized client.
- Data Destruction – An employee accesses an HR database and destroys valuable company intellectual property.
- Financial Fraud – An employee changes his salary, intentionally creates an unauthorized PO, or issues a fraudulent check.
- Social Engineering Attack – An attacker fools the help desk into giving him a colleague’s password.
