Combatting insider threats
Combatting insider threats

Everyone agrees that combating cyber threats is a business priority. Unfortunately, many enterprises focus their efforts in the wrong areas. So, here's my five-point reality check:

Bad actors want your sensitive data, and their methods get more sophisticated by the day. They are targeting your privileged users via phishing and social engineering, and they're staying one step ahead.

You must assume your perimeter has been compromised. Period. According to a recent Mandiant report, 100 percent of data breaches had up-to-date perimeter security. Unfortunately, the perimeter changes at the speed of business. You can't thwart a drone strike by strengthening your moat.

You must turn your approach to securing data inside out. Literally. The way to combat insider threats (including bad actors endeavoring to exploit privileged users) is to create a defense-in-depth strategy that begins with the data, layers security outward from there and places checkpoints along the way. 

The ability to “watch the watcher” is imperative. It used to be “trust but verify.” Now it's “plan and verify.” Decide who should be able to see what data under which circumstances, and verify that is what's happening. You may not have a rogue insider in your organization, but getting privileged user credentials is bad actors' top objective. Most enterprises control who gets access, but don't control what they can do after access is granted. Huge mistake.

You must make your infrastructure blind to the data. It is high time to split the responsibility of systems management and data access management. Smart enterprises take data access decisions away from privileged users and give them to the infosec personnel. 

Insanity is doing the same thing over and over again, expecting a different result. We must stop the insanity by focusing on the data and controlling privileged user access.