
While my previous blog posts have shown that data breaches are usually the result of hackers remotely attacking companies, that is not always the case. In fact, according to the 2019 Verizon Data Breach Investigations Report, 34% of breaches are a result of “internal actors” from within the company. Because internal actors have more authority and power than hackers, trying to solve the problem through security software won’t prove to be useful. So if security software won’t fix the problem, what can you do to keep employees from releasing the personal data of your clients?
Because an internal actor could be a co-worker or even a boss, it is difficult at times to point the finger at them. Lisa Forte, a cyber threat specialist at Red Goat Cyber, argues that the current procedures of many companies place too much priority on stopping “outsiders and not insiders”. Still, instead of actively looking for suspicious employees, Forte argues that the best form of prevention is through training and “deterring people in the first place”. While training might seem like a good solution, personally, I would have to disagree with Forte.
While training your employees might help them uncover and report an internal actor at work, I argue that not much can be done when the internal actor is malicious and at home. In other words, no matter how closely you monitor your employees, you cannot watch them at home. According to the 2019 Varonis Data Risk Report, 17% of all sensitive files can be accessed by every employee in a company. Thus, an internal actor who brings their laptop home would have the freedom to do anything they want with the data, with the assurance that no one is watching them. So what can you do then? What I believe could be done in these situations is to use software that gates access to the data and logs each time a company employee accesses it. This software would work with hardware in the office to unlock the database only within the registered proximity. As a result, this would make the data more difficult to steal unnoticed and make the actor reconsider their actions. Thus, through the presence of other people at work and the thought that one’s actions are recorded, individuals would be less tempted to steal data.
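To make the gating and logging idea concrete, here is an added example that is not part of the original post. It assumes the office hardware reports which badges are currently on site and that the office network range stands in for the registered proximity; the class, function and user names and the address range are hypothetical.

```python
import ipaddress
import json
from datetime import datetime, timezone

# Assumption: this constructed address range stands in for the "registered proximity".
OFFICE_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]


class DataGate:
    """Hypothetical gate: allow access only on site, and log every attempt."""

    def __init__(self, badged_in, audit_log):
        self.badged_in = badged_in  # user ids the office badge readers currently see
        self.audit_log = audit_log  # append-only list of JSON lines

    def request(self, user, source_ip, resource):
        try:
            addr = ipaddress.ip_address(source_ip)
            on_site = any(addr in net for net in OFFICE_NETWORKS)
            reason = "ok" if on_site else "off_network"
        except ValueError:  # unparseable source address: deny, but still log it
            on_site, reason = False, "bad_source"
        if on_site and user not in self.badged_in:
            reason = "no_badge"
        allowed = reason == "ok"
        self.audit_log.append(json.dumps({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "source": source_ip, "resource": resource,
            "allowed": allowed, "reason": reason,
        }))
        return allowed


def denied_by_user(audit_log):
    """Count denied attempts per user, for review between screenings."""
    counts = {}
    for line in audit_log:
        record = json.loads(line)
        if not record["allowed"]:
            counts[record["user"]] = counts.get(record["user"], 0) + 1
    return counts


if __name__ == "__main__":
    log = []
    gate = DataGate(badged_in={"alice"}, audit_log=log)  # constructed sample users
    print(gate.request("alice", "10.20.3.4", "clients.db"))
    print(gate.request("alice", "203.0.113.7", "clients.db"))
    print(denied_by_user(log))
```

Denied attempts are logged as well as allowed ones, so an employee trying to reach the data from home leaves a record even though the request fails.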

Still, while at times the internal actor’s intentions are malicious, that is not always the case. To Dr. Richard Ford, Chief Scientist at Forcepoint, “most insider threats are perfectly well-meaning employees” who do “something foolish or get convinced to do something foolish” that results in a breach. Ford explains that many people are “accidental insiders” who make rookie mistakes such as giving credentials to the wrong people. Ford suggests that in this case, the best option would be to train individuals to make sure such mistakes don’t happen. In this case, I would have to agree with Ford.
Unlike Forte’s suggestion, which requires training to serve as a deterrent for internal actors, Ford advocates training for those who are new to the industry. To add to Ford’s solution, though, I would have to say that while training may certainly help, those who are willing to hand out high-value credentials to strangers should not be in a position to handle important data. Wouldn’t such a thought be common sense? Thus, to prevent internal actors, whether malicious or accidental, I would propose that frequent screening should take place. This will dynamically shift the certification within companies of who is responsible and cleared to handle confidential data. Additionally, in between the screenings, by monitoring logs, companies would have additional warnings to spot bad actors.
Thus, my digital and physical solution to stopping most internal actors would greatly help you. Ford would most likely support my idea of screening, as this would stop rookies from having access to valuable data. Additionally, Forte would mostly accept my extension to her idea, that proximity and logging software would help cover the limitations of relying strictly on training employees. Ultimately, through a combination of our ideas, the threat of internal actors at your workplace would diminish.