Don’t Underestimate Insider Threats

On the night of August 24, 410, an army of Visigoth warriors slipped into Rome through the Salarian Gate and proceeded to burn and plunder the great walled city for three days. It was the first time in nearly 800 years that Rome had fallen to a foreign enemy, and historians often cite the event as marking the end of the Western Roman Empire.

It only happened because disgruntled insiders opened the gate for the invaders.

That’s a history lesson that modern network security professionals should keep in mind. While IT security has long focused on securing the network perimeter, it is becoming increasingly clear that some of the top threats come from inside an organization. According to the 2017 Verizon Data Breach Investigations Report, insider threats account for 25 percent of breaches. An IBM X-Force Research report says it could be as much as 60 percent.

What’s more, insider attacks are among the costliest breaches because they often take months or years to detect, giving malicious actors ample time to damage systems and steal valuable data. The longer the attack is active and undetected, the higher the cost to the organization.

While some insider threats are malicious or criminal in nature, many are the result of careless or inadvertent actions by well-meaning employees, contractors or business partners. Breaches often result when employees unintentionally mishandle sensitive data or commit policy violations with “work-arounds” that bypass cybersecurity processes. Common behaviors known to create risk include failing to log off computers, sending files to personal email accounts, downloading data to an external drive and writing down passwords.

Given the staggering costs of insider-related security incidents, organizations must take steps to mitigate that risk. Employee education programs, risk management plans and security best practices can go a long way toward preventing insider threats.

Modifying behavior through education and policy isn’t enough, however. Organizations must also have the right security tools to prevent breaches and identify potential vulnerabilities. A good approach is to deploy a unified threat management (UTM) platform — an all-inclusive security product able to perform multiple security functions within one single system.

Typical UTM solutions include numerous perimeter security measures such as firewall, intrusion protection and detection, antivirus and anti-spam. However, they also provide strong access control features to minimize insider threats. UTM appliances allow the creation of network access policies for individual users, delivering visibility into and control over network activity.

UTM solutions also can include data loss prevention (DLP) capabilities. This feature examines outbound network communications such as email and file transfers, as well as activities such as copying files to removable media. DLP scans will generate alerts if any of these activities violate company policies.

Content-filtering features provide another level of protection. These features scan web applications, identify malware signatures and examine instant messaging and email to protect against data leakage.

If insiders could bring down the Roman Empire, you shouldn’t underestimate what an insider can do to your network. It is well-documented that security breaches resulting from insider actions can have devastating effects on a company. Verteks can help you address these threats with procedures and tools that give you strong control over network access and usage.

