October 24th 2013
While employees are often considered among the business world's most prized and crucial assets, individuals can also pose a major risk to organizations as a whole. The insider threat is a real challenge for organizations, especially when decision-makers do not necessarily monitor access to mission-critical information, applications and other resources.
The truth is that most people are curious and will push the limits of their capabilities, which poses serious data protection risks for most companies. These findings were highlighted in a BeyondTrust survey, which found that 28 percent of respondents said they are guilty of acquiring data that is not relevant to their position. Furthermore, the study revealed that approximately 44 percent of employees have authorization privileges that are not necessarily related to their particular position.
"Allowing any employee unfettered access to non-essential company data is both unnecessary and dangerous and should be an issue that is resolved quickly," said Brad Hibbert, executive vice president of product strategy at BeyondTrust.
Because at least 80 percent of decision-makers think that it is at least somewhat likely that employees access sensitive data that should be out of their reach, it is clear that new information protection strategies need to be developed and launched.
Control access to mitigate risk
The ongoing proliferation of mobile devices and lack of proper endpoint protection strategies will likely make the insider threat even more dangerous. In fact, more than three-quarters of executives believe the risk to their companies posed by over privileged users will increase during the next few years.
An InformationWeek report highlighted how monitoring used to be implemented solely for maintaining network and other system performance levels, though the tools also provide an innovative opportunity in the security landscape. This is because actively monitoring sensitive areas of any digital environment will provide decision-makers with insight into who is accessing what, why they are doing so and how they are getting away with it.
InformationWeek noted that behavioral anomaly detection is one of the most direct ways organizations can combat the insider threat, as this capability allows executives to recognize when certain users deviate from the norm for whatever reason.
As the proliferation of mobile and cloud solutions continues to disrupt the workplace, IT directors will be charged with the responsibility of keeping peace throughout the digital landscape, which will mean isolating any anomalous activity, regardless if the users behind such actions are insiders or not.
Articles from Larry Keating's (CEO, NPC) guest blog on the Huffington Post Business pages