Reports about security incidents have become as common as weather forecasts. At the same time, there is a clear trend concerning the fact that the number of incidents involving employees is constantly growing. Insiders can cause much more serious damage than intruders outside the company can, just because they have much more opportunity to gain access to confidential data.
The effects of such incidents, when sensitive information leaks to third parties, include financial losses, up to loss of intellectual property and business itself, reputational harm and loss of customer confidence. Growing popularity of social media also contributes much to security incidents - they provide lots of opportunities for criminals to find insiders and use them to access critical data, not to mention the fact that an employee may simply post some confidential information on their Twitter or Facebook account.
At the same time, according to the annual Verizon 2015 Data Breach Investigations Report, the reason for 55% of incidents was so-called privilege abuse, when the main sources of information leakage were employees in whom a company had placed trust and who were given access to important corporate data with the expectation that these would be used for the intended purpose only.
Unfortunately, insiders, who are not controlled by security systems implemented into corporate networks, tend to abuse the trust placed in them. Such employees have become the most cited perpetrators of cyber crime. Insider threats are more damaging and costly than incidents committed by outsiders. Yet many companies do not pay enough attention to the problem, do not have necessary security policies and tools to control privileged insiders, and are therefore not prepared to prevent, detect and manage incidents caused by them.
In fact, when activities of trusted employees (unlike the activities of their colleagues) are not monitored via security software, it turns out to lead to incidents when these employees sell confidential data to competitors, use it for their own interests, or, at the end of the day, harm the organisation unwittingly, inadvertently sending sensitive info to the wrong e-mail.
The problem also lies in the fact that most of modern conventional DLP software products are customised so they do not actually analyse the activities, content and recipients of information transferred by employees who are trusted by their company.
Information security and protection against internal threats software, such as Falcongaze SecureTower, solves this problem, hitting right in the bull's eye.
SecureTower captures and analyses network traffic, including e-mails with attachments, conversations and calls in IM, posts in social media, uploads and downloads from cloud storage, documents sent to USB devices and much more. All intercepted traffic and user activity data (records of user working time, the exact time spent by users on each Web site, application launches and time of their active use, and other indications of job contribution) are saved to a database, which makes it possible to investigate any incident in retrospective. Comprehensive information security system SecureTower allows users to analyse corporate business processes and identify patterns that indicate a violation of the security policy, even if it is committed by an employee whose work with sensitive info is a part of everyday activity.
Use of SecureTower helps to protect a company from internal threats and gives confidence in its employees and in the future. After all, the proverb: 'First try and then trust' fits best for businesses of every kind.
Share
Editorial contacts