The role of the CISO has dramatically evolved in recent years due to the increased interconnectivity of business networks, with more people having access to company data than ever before
Today, cybercriminals have scaled their attacks as demonstrated in wide scale data breaches this year such as the NSA and Equifax. To thwart such attacks, CISOs are turning focus inward to data security of the greatest risk to their organisations – insiders.
According to a Ponemon report, insider threats cost organisations $4.3 million dollars a year on average. In fact, the IBM X-Force Cybersecurity Report cites that 60% of all cyber security attacks are caused by employees inside an organisation, 44.5% being malicious insiders and 15.5% being inadvertent actors.
>See also: Plain sailing: a smooth journey for the CISO towards GDPR compliance
When it comes to defending against today’s most advanced cyber threats, there are some must have capabilities a CISO must have to protect their organisation’s data from the inside out:
Who has access?
The first step in protecting an organisation’s data is o protect an organisation’s data, one should first know who has access to it. Business networks now include third-party contractors and business partners who may have unnecessary access to company data. CISOs must have the capability to discover and centralise unknown or poorly known users that may pose threat to the organisations data. Once identified, users can now be governed through policy, activity, monitoring, and training.
Monitor and audit
Any savvy CISO should have the ability to proactively monitor user activity to identify compromising employee behavior. Insider threats come in many forms – from an employee sharing credentials to a departing employee looking to take data to a competitor.
>See also: The GDPR is not all doom and gloom
Mission critical applications should be monitored to oversee who is accessing what information. Access to sensitive information, such as trade secrets, consumer information, and payment card data makes insiders a particular threat to the organisation. When monitored, users can be trained or sanctioned.
User behavioral analytics considers employee’s past behavior to predict future behavior. Behavioral analytics detects and flags user anomalies. In conjunction with monitoring efforts, implementing behavioral analytics can predict and prevent breach incidents.
According to Ponemon’s 2017 cost of a data breach study, the faster a security incident of data breach is identified and contained, the lower the costs to the organisation. With user behavioral analytics, security incidents can be contained before they evolve into a full-blown breach.Moving into 2018, the role of the CISO will be more important than ever. With the proper capabilities and technology, CISOs can secure their organisation from the inside out to defend against insider threats and associated damages. Sourced by Kurt Long, founder and CEO of FairWarning