How To Stop Insider Threats

Savita Raina

As digital innovators and business model and process disruptors, today’s CIOs have many critical areas of focus. The modern CIO needs to guide colleagues on how to leverage a full range of new technologies, including the Internet of Things, Big Data, cloud computing, and analytics.

One area that increasingly requires the CIO’s attention is data loss from internal players. This is a high-risk issue that can lead to the loss of data, revenue, and credibility, and CIOs must take steps to prevent intrusions before they occur.

Whether or not internal actors are maliciously stealing secrets, strategic plans, proprietary data, and customer information, combatting these issues often relies heavily on robust data management and internal resources committed to looking for and identifying data loss.

McAfee study shows scope of loss

The study, by noted anti-virus developer McAfee (now a part of Intel Security), revealed that 43 percent of exfiltration attacks came from internal actors. Half of those losses were intentional. In the study, internal actors are defined as employees, contractors, and third-party suppliers. These internal players most frequently use physical media rather than electronic extraction.

The analysis also shows that internal theft is linked to 50 percent of all data loss in Asia, 41 percent in North America, and less than 40 percent in the United Kingdom.

Among the data taken by internal actors, 33 percent is employee information, 32 percent is customer information, 15 percent is intellectual property, 14 percent is other financial information, and 11 percent is payment card information. For companies, these risks can manifest in several ways, from the loss of critical market-leveraging information to the loss of customer and employee confidence and trust.

Tips for protecting data

Experts recommend that companies have comprehensive data management plans that use the following approaches to detecting internal theft:

  1. Find usage patterns. Companies should look for large data uploads to third-party sites such as Dropbox, frequent USB drive usage, and irregular server downloads. If an employee who usually accesses only a few specific assets, or none at all, suddenly begins a new access pattern, there may be an issue.
  2. What’s new. New user activity not exhibited in the past may indicate a problem.
  3. Look at logs. Logs are a powerful tool for auditing and detection. Domain Name System (DNS) and host-to-host authentication logs can act as triggers for suspicious activity. Looking at third-party software logs from products like Endpoint and Active Directory can also help identify red flags.
  4. What’s off the grid? Sometimes the best clues are not digital. Is an employee suddenly working unconventional hours, logging onto systems at off-times, making international trips, attempting to add hardware or software, or showing a change in attitude? Each of these actions could indicate deception. The U.S. Federal Bureau of Investigation has issued some helpful guidelines on what to watch for.
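The first two tips amount to comparing each user's current activity against that user's own history. The sketch below is an added example, not code from the article or from any product it mentions; the event tuple layout, the user and asset names, and the `volume_factor` threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events (not real logs): (day, user, action, target, bytes)
EVENTS = [
    (1, "alice", "read", "crm-db", 2_000_000),
    (2, "alice", "read", "crm-db", 1_500_000),
    (3, "alice", "upload", "dropbox.com", 500_000),
    (1, "bob", "read", "build-server", 3_000_000),
    (2, "bob", "read", "build-server", 2_500_000),
    (3, "bob", "read", "build-server", 2_800_000),
    (4, "alice", "read", "crm-db", 1_800_000),
    (4, "bob", "read", "hr-share", 40_000_000),
    (4, "bob", "usb_write", "usb-mass-storage", 35_000_000),
    (4, "bob", "upload", "dropbox.com", 60_000_000),
]

def build_baseline(events, cutoff_day):
    """Per-user history before cutoff_day: seen (action, target) pairs
    and the largest transfer observed for each action."""
    seen = defaultdict(set)
    peak = defaultdict(lambda: defaultdict(int))
    for day, user, action, target, size in events:
        if day < cutoff_day:
            seen[user].add((action, target))
            peak[user][action] = max(peak[user][action], size)
    return seen, peak

def find_anomalies(events, cutoff_day, volume_factor=5):
    """Flag activity on or after cutoff_day that the user has never shown
    before, or that exceeds volume_factor times the user's prior peak."""
    seen, peak = build_baseline(events, cutoff_day)
    alerts = []
    for day, user, action, target, size in events:
        if day < cutoff_day:
            continue
        if (action, target) not in seen[user]:
            alerts.append((user, "new_activity", action, target))
        prior = peak[user][action]
        if prior and size > volume_factor * prior:
            alerts.append((user, "volume_spike", action, target))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(EVENTS, cutoff_day=4):
        print(alert)
```

An alert here is a prompt for review, not proof of theft: a first-time access can be a legitimate new assignment, so the result should be read alongside the log and off-the-grid signals in tips 3 and 4.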

Some inside actors unwittingly leak data by exposing their computers to malware, losing devices, or leaving a device accessible. Whether these threats are intentional or not, being prudent about data is imperative for companies of all sizes.

The CIO’s role

The CIO plays a critical role in ensuring that data is secure and processes are in place to combat internal threats. The CIO should be sure that key players—IT, human resources, counsel—are working together to protect data and remain in compliance with regulations and policies. A CIO should also know what areas are most at risk, develop swift remediation plans, and ensure those plans are deployed quickly.

Powerful tools are available for the CIO to ensure monitoring and detection protocols are in place. In the boardroom and the C-suite, CIOs should play an integral role in maintaining security and boosting confidence in transformational innovation.

For more cybersecurity best practices, see Cloud Vs. On-Premise: Which Is Better For Cybersecurity?

About Savita Raina

Savita is the Sr. Product Marketing Manager for SAP Cloud Platform and has 10+ years of direct work experience in the high-tech industry. She has a diverse set of experiences that range from engineering design and product development to pre-sales, product, and audience marketing functions. In prior roles at SAP she has been responsible for defining and delivering audience messaging, value proposition, and thought leadership content for the IT line-of-business. Prior to SAP, she worked at Proofpoint, MKS Instruments and Oerlikon. She holds an MBA from Santa Clara University and an MS in Electrical Engineering from New Jersey Institute of Technology.