The majority of data breaches start with employees.
Earlier this week, Sage Group reported that it was the victim of a data breach, which targeted the personal details, such as salary and bank account information, of roughly 280 of its British employees.
The Sage data breach was the result of unauthorized access to company’s system via internal login (i.e., someone inside Sage logged in to the system with a password they should not have had.) On Monday The City of London Police reported that they had detained a female Sage employee at Heathrow airport on suspicion of conspiracy to defraud.
Although data leaks due to sophisticated hackers dominate the news, internal threats, such as negligent or malicious employees, account for far more issues.
A recent Forrester study shows that the majority of data breaches, 61%, start with negligent or malicious employees. Negligent employees account for 36% of data breaches. This could include a stolen iPhone or an employee replying to scammers. Malicious employees account for an additional 25% of all data breaches, as in the case of the Sage data breach.
61% of data breaches start with negligent or malicious employees, as in the case of the Sage data breach.
The Current State Of Cyber Security
Currently, network and data security operate much like that of an office high-rise. The network perimeter is fortified with strong walls, locked doors and maybe even a prox card reader. However, once those fortifications (Firewall, Anti-virus, Spam Filter, etc.) are breached the invaders have access to all of the spoils inside.
These defenses are no longer adequate as they are all reactive to attacks based on known previous exposure. Today’s cyberattacks aren’t limited to specific and repeated methods. Many use a mix of programmatic and social engineering to wreck havoc.
A number of organizations like Sony, Target and the DNC are finding out the hard way that the current method of protecting data is useless against keeping out today’s increasingly sophisticated and determined hackers. In addition, there is nothing in place to address data breaches occurring inside company walls, as in the case of Sage data breach, either due to human error or malicious employee activity.
If organizations are having this much trouble securing data within their walls, what does that mean for the data that leaves those walls? Well, no one has ever expected that could be protected. Once the treasures have left the building’s fortifications, organizations have come to accept that their data is simply at the mercy of anyone it comes in contact with.
But, it really doesn’t have to be that way.
Today’s defenses are no longer adequate as they are all reactive to attacks based on known previous exposure and do little or nothing to protect against internal threats.
The Solution: A Multi-layered Approach To Cyber Security
So, what would have prevented the Sage data breach?
First, organizations must move away from the perimeter defense model and begin securing the data itself. Instead of building stronger walls and better locks, each piece of data must be seen as separate and valuable, and then encrypted and protected accordingly. By securing data at the data level organizations benefit from pervasive and persistent data security wherever that data travels, even across domain boundaries.
In addition, zero-knowledge privacy is critical. This means that only the user ever has access to the encryption keys. Unless the user is the only one holding the keys to their data, encryption is meaningless. Currently, many security providers store a user’s encryption keys, giving the security provider access to a user’s data. Essentially, zero-knowledge privacy ensures that employees only have access to the files they have been given authorization to view.
In the case of the Sage data breach, a strong identity management system should have been made a cornerstone of the organization’s cyber security strategy. Multi-factor authentication creates a layered identity management defense. In order for a user to access data, two or more credentials must always be entered – this could include a password along with biometric verification or a security token. So, even if the malicious Sage employee had a password she should not have had, she still would have needed the proper fingerprint to access the system.
Finally, after all of an organization’s files are secure and encrypted, the issue of negligent or rogue employees with legitimate access to data must be addressed. How can a corporate network with billions of files possibly monitor that much data? That’s where User Behavior Analytics steps in. It monitors user behavior patterns by algorithmic methodologies and is more commonly known as Artificial Intelligence.
Organizations that are truly looking to secure their data must look beyond today’s dated and ineffective methods or risk being left vulnerable to attack. For true cybersecurity that is up to the task of combating today’s complex security issues, organizations must combine data encryption, with zero-knowledge privacy, identity management and user behavior analytics.
To learn more about how Mice 360 protects all connected devices and offers full cyber security for the Internet of Things contact us today.