
Combatting insider threats

Everyone agrees that combating cyber threats is a business priority. Unfortunately, many enterprises focus their efforts in the wrong areas. So, here's my five-point reality check:

Bad actors want your sensitive data, and their methods get more sophisticated by the day. They are targeting your privileged users via phishing and social engineering, and they're staying one step ahead.

You must assume your perimeter has been compromised. Period. According to a recent Mandiant report, 100 percent of data breaches had up-to-date perimeter security. Unfortunately, the perimeter changes at the speed of business. You can't thwart a drone strike by strengthening your moat.

You must turn your approach to securing data inside out. Literally. The way to combat insider threats (including bad actors endeavoring to exploit privileged users) is to create a defense-in-depth strategy that begins with the data, layers security outward from there and places checkpoints along the way. 

The ability to “watch the watcher” is imperative. It used to be “trust but verify.” Now it's “plan and verify.” Decide who should be able to see what data under which circumstances, and verify that this is what's happening. You may not have a rogue insider in your organization, but getting privileged user credentials is bad actors' top objective. Most enterprises control who gets access, but don't control what they can do after access is granted. Huge mistake.

You must make your infrastructure blind to the data. It is high time to split the responsibility of systems management and data access management. Smart enterprises take data access decisions away from privileged users and give them to the infosec personnel. 

Insanity is doing the same thing over and over again, expecting a different result. We must stop the insanity by focusing on the data and controlling privileged user access.

Sol Cates

Sol Cates is the Principal Technologist, Solutions Architect, and Expert of Cloud and Cyber at Thales Cloud Security, where he leads advanced technology, entrepreneurship, architecture, and transformation programs. As a former CTO, CISO, CIO, architect, and hands-on innovator, Sol has a unique perspective on how technology, people, process and leadership impact how successful teams can solve real-world problems. Having been a leader in technology, cyber, and cloud for over 25 years, Sol is an advisor to many organizations around the world, tech giants, governments, and other global enterprises. – “Never let a good problem go to waste”
