It’s a new year, and it’s time to start putting your 2018 data protection plan into action. We often hear about malware attacks and data breaches; however, insider threats remain underappreciated and relatively unknown to businesses. A 2016 Ponemon Institute survey report stated that 62 percent of respondents had access to company information that they probably shouldn’t see. Only 9 percent of respondents to a 2015 SANS survey ranked their insider prevention methods as “very effective.” The insider threat comes from several different angles, malicious or negligent, but the point still stands that addressing this threat is essential to your 2018 security plan.

To help you start the new year off right, we’ve reached out to top cyber security experts in the field to share their tips on insider threat prevention. This is the question we posed:

What initiatives should a company take in 2018 to prevent insider threat data breaches?

Meet our Panel of Cyber Security Experts:

Charles Mudd
Justin Lavelle
Steve Durbin
Lee Barrett
Andy Jordan
Keri Lindenmuth

CHARLES LEE MUDD

Charles Mudd Jr. has represented businesses in privacy and technology related matters for nearly two decades. He serves as a Board Member of the International Technology Law Association as well as on the Section Councils for the Illinois State Bar Association’s Privacy and Data Security, Intellectual Property, and Business Advice & Financial Planning sections. He also teaches as an adjunct on issues of privacy, the Internet, and startups.

Top Initiatives to take in 2018 to prevent insider threat data breaches:

  1. Establish and/or enforce a password policy;
  2. Limit access to data to those with a need for access;
  3. Implement written policies and agreements with employees;
  4. Schedule and hold routine training sessions with employees to explain concepts and importance of security (this can also help their own privacy and security);
  5. Implement policies on BYOD;
  6. Complete a data security audit;
  7. Hire a consultant;
  8. Ask independent contractors and third-party vendors about the efforts they employ;
  9. Update virus software;
  10. Maintain a regular update schedule for OS and applications.

STEVE DURBIN

Steve Durbin is managing director of the Information Security Forum (ISF). His main areas of focus include the emerging security threat landscape, cyber security, BYOD, the cloud, and social media across both the corporate and personal environments. Previously, he was senior vice president at Gartner.

Top Initiatives to take in 2018 to prevent insider threat data breaches:

User Behavior Analytics (UBA) tools provide an important line of defense for identifying anomalous insider behaviors, while also helping identify external attackers who may be attempting to remain anonymous by masquerading as insiders. Every organization must invest in tools and techniques to strengthen their protection against the insider threat, particularly against malicious insiders who may now be able to initiate data breaches, while hiding their tracks. Those organizations that use or plan to use UBA tools will need to start preparations now.

Employees and negligence are the leading causes of security incidents but remain one of the least reported issues. The fightback starts not in the organization but with people and increasingly in the home. In 2018, more and more security professionals need to be re-assessing the risks to company data at a personal level – mobile/consumer devices, internet connected devices, cloud access and storage both inside and outside the corporate environment.

What is needed is the cultivation of a culture of trust. Cultivating this philosophy is likely to be the single most valuable management step in safeguarding an organization’s mission-critical information assets. After new employees have been satisfactorily screened, continue the trust-building process, starting with onboarding procedures, by equipping them with the knowledge and skills required of trusted insiders. Expectations of trustworthy behavior – and the consequences of non-compliance – should be made explicit from the outset. Over time, trust should remain an important factor in periodic performance reviews. Mechanisms for anonymously reporting suspicious workplace behavior should be made available to all levels of staff.

Above all, senior management must lead by example. Building a culture of trust around shared values, ethical behavior and truth begins at the top. Security awareness and the importance of cyber hygiene have to be regularly addressed in communications, trainings, and policies. Trust and ethics are increasingly important, not only to information security, but also to customer relationships, brand building, and competitiveness.

ANDY JORDAN

Andy Jordan is a Special Project Lead at Mosaic451, a managed services provider that focuses on maintaining and protecting critical IT systems. Jordan has built and managed multiple security programs for numerous large and small organizations throughout his 10-year career. He uses lean and agile methodologies to create demonstrable value within complex infrastructure and security programs.

Top Initiatives to take in 2018 to prevent insider threat data breaches:

Users are still users. The result of our humanity is that we all make mistakes. To combat this, we have started leveraging technology to help us make fewer mistakes. As we consider phishing attacks along with unsafe browsing habits, technology cannot prevent every mistake we might make.

Another rising trend is the evolution from “bring your own device” to “bring your own identity”. Cell phones that support both personal and professional lives are a perfect working example of this. A compromise to one side will likely impact the other. In the past, CISOs and other executive leaders could draw a boundary for endpoint devices. Today, this approach will need to be rebuilt because a person’s digital identity cannot be easily segmented.

  • Ensure you’ve defined your organizational policies to include restrictions for the use of personal data and identity on organizational devices.
  • Create different and longer passwords for each service you use.
  • Use protective controls for email and web proxies.
  • Leverage software-defined network segmentation to restrict untrusted devices from accessing trusted zones.

KERI LINDENMUTH

KDG has been a leading small business IT support team for over 16 years. In addition to tech management, the company also provides web design, custom software development, and Zoho services.

Top Initiatives to take in 2018 to prevent insider threat data breaches:

Oftentimes, insider data breaches are due to an accident instead of malicious intent. In order to prevent these, it is important for companies to educate employees on strong passwords, phishing scams, and the disposal of old devices. Implement strong password regulations, stress the importance of never sending passwords or personal data over standard email, and make sure employees know how to completely wipe devices before disposing of them. In addition, companies should screen employees and discover whether they’ve been a victim of identity/data theft in the past. This may make them more susceptible to data theft in the future.

JUSTIN LAVELLE

Justin Lavelle is the Chief Communications Officer for BeenVerified, a leading source of online background checks and contact information. It allows individuals to find more information about people, phone numbers, email addresses, property records, and criminal records in a way that’s fast, easy, and affordable. The company helps people discover, understand, and use public data in their everyday lives.

Top Initiatives to take in 2018 to prevent insider threat data breaches:

  • Fake Invoice Scam. Invoice scams are invoices for goods and services you never ordered or received. These invoices may look genuine but are actually phony. Take the time to make sure that any invoice paid matches up to a purchase order or packing slip before paying. Limit A/P management to one employee that is well trained in how to close the loop.
  • CEO Phishing Scam. This scam works as follows: a brief, casual email arrives from a top executive or even the CEO of the company from the correct email address, with nothing appearing out of sync. The request is for the recipient to wire money to a certain account or share some other sensitive company information, such as employee payroll data. The scam often works because it plays off of certain corporate cultures; fellow executives may be used to such informal and terse communications between one another, while a request from a CEO made to a more junior employee may not garner any questions out of a sense of obedience.
  • Business Email Compromise Scam. Similar to CEO Phishing scams, the Business Email Compromise Scam targets businesses working with foreign vendors or businesses that regularly perform wire-transfer payments. The fraudster emails a phishing document to an intended victim via the address of a legitimate supplier and asks him to change the wire transfer payments of paying invoices. Once the link in the email is clicked on, it downloads malware on the computer and allows the fraudster to gain unrestricted access to personal information, including financial account data and passwords.

LEE BARRETT

Lee Barrett has been Executive Director of The Electronic Healthcare Network Accreditation Commission (EHNAC) since its inception in 1993. A member of the HHS Cyber security Task Group and Chair of the National Trust Network Data Sharing and Cyber security Task Group, Barrett continues to work on key HIT industry initiatives that lay the foundation for health information technology.

Top Initiatives to take in 2018 to prevent insider threat data breaches:

  1. Today’s cyber criminal has evolved into a dangerous entity and presents a threat not just from external forces, but internally as well. As a result, organizations need to minimally conduct an annual risk assessment and asset inventory of their organization and map the data flow within their enterprise especially for Protected Health Information (PHI) in order to determine their risk in the event of a breach or cyber attack. Vulnerabilities and gaps identified as part of the risk assessment should be mitigated and there should be ongoing monitoring and remediation as organizations continually monitor their environments.
  2. Security frameworks and risk sharing need to be integrated into an organization’s infrastructure by implementing risk-mitigation strategies, preparedness planning, as well as adhering to the regulations created by the Office of the National Coordinator for Health IT (ONC), Office for Civil Rights (OCR) and the National Institute for Standards and Technology (NIST) which focus on Cyber security and Ransomware.
  3. BYOD protocols must be evaluated within security frameworks as they present a significant set of data security challenges. Cyber criminals can strike when employees, through their cell phones or tablets, connect into an informatics or data exchange – unintentionally or intentionally – infecting the enterprise infrastructure with malware.
  4. Assure that all enterprise software and firmware implement all version releases and updates as soon as they are made available to an organization.
  5. Organizations should also consider working with a third-party reviewer as they offer an extra level of independent scrutiny for risk management plans and procedures. Independent, third-party audits are also a common way that breaches are discovered, allowing fixes to be deployed more quickly. Additionally, organizations should assure that they are performing regular intrusion, penetration and phishing testing of their environment and either perform this function internally or by contracting with a third party that provides these services.
