Protect Your Data from Insider Threats with Code42

Code42 provides your business with a variety of benefits, including increased productivity, risk mitigation, streamlined user workflows, and more – all in a single product that’s been proven to ultimately save you money. Recently, Code42 launched Security Center, a new suite of tools to help you spot suspicious data use behaviors in your workforce – and respond to them if necessary. There’s a big reason why we added this feature – the facts show that 89 percent of corporate data loss involves the actions of an insider.

We recently partnered with the talented team at creative agency Crash+Sues to create a series of videos about the core features of Code42. This most recent video focuses on an all-too-common scenario in which an employee decides to steal valuable data from his employer. Unfortunately for him, this company has Code42’s Security Center.

Take a look today for an illustration of how Code42 and Security Center can help keep your enterprise’s data safe from insider threats.

How to Spot Insider Threat—Without Slowing Users Down

Imagine you’re driving to a destination, but at every turn, you’re forced to stop and explain yourself to a police officer. Why are you taking this turn? Where are you going? Are you sure you should be going this route? Are you sure you should even be going to that destination?

Beyond driving you crazy, it would take forever to get somewhere. You might even try going a sneaky back route—or coming up with a few effective lies—to help you avoid the constant stops and interrogations.

This is currently the most popular approach to mitigating insider threat in the enterprise world—the “trust no one” approach. It’s incredibly frustrating for end users. It significantly impedes productivity. It leads to dangerous user workarounds. But there’s a better way.

The “Trust No One” Approach Helps No One

The key challenge with insider threat detection: How do you differentiate legitimate everyday user activity from malicious or accidentally harmful actions? Traditional security tools rely on rigid rules. Lock down the most sensitive or valuable files. Limit access to the smallest possible group of users. Ultimately, this approach impedes end-user productivity, creating constant barriers and bottlenecks within legitimate everyday workflows. At the same time, this approach leads to alert fatigue for the IT and InfoSecurity teams tasked with monitoring user activity. It’s a “Boy Who Cried Wolf” situation: If you can’t trust that your alerts are real threats, then they’re pretty useless alerts.

Businesses Need to Protect Intellectual Property (IP)—But Locking It Down Isn’t the Answer

IP is now the most valuable asset to the digital business, making up around 80 percent of the average company’s value. But IP doesn’t sit in a vault—it’s part of everyday workflows. Users are creating, editing, sharing and collaborating on IP files all day, every day. And their use patterns don’t always fit rigid rules—users must be fluid. As a project progresses and roles evolve, different users may access different types of files or data. Enabling this kind of fluid collaboration is critical to the success of the digital enterprise, so tools and rules that take an always-or-never approach just won’t work.

Moving Toward the “Trust But Verify” Approach

Leveraging new data security tools and advanced analytics capabilities, forward-thinking companies are moving toward a new paradigm in insider threat mitigation: trust but verify. This approach is based on the concept of freedom through transparency. Going back to our car driving analogy, here are the three key steps:

  1. See all endpoint activity/See all the cars moving: With a foundation of complete endpoint data visibility, IT and InfoSecurity teams can monitor all data in the enterprise as users move it between endpoints, servers, external and cloud storage devices and more.
  2. Understand “normal”/See the common routes: With complete visibility, teams can better understand what normal use patterns look like—the common routes—including how they evolve over time as projects progress and roles shift.
  3. Spot the anomalies/See the “wrong turns”: With a map of what normal activity looks like, it’s a lot easier to see when a user takes a wrong, suspicious or dangerous turn. That’s when you stop them and ask them to explain themselves.

Ready to put a better insider threat program in place? Read the new white paper, 3 Steps to Mitigating Insider Threat Without Slowing Down Users.

 

Verizon DBIR Says You Can’t Stop the Storm—But You Can See It Coming

The 2016 Verizon Data Breach Investigations Report (DBIR) paints a grim picture of the unavoidable enterprise data breach. But accepting the inevitability of breaches doesn’t mean accepting defeat. It’s like severe weather: you can’t prevent a tornado or hurricane. But with the right visibility tools, you can recognize patterns and mitigate your risk.

Likewise with data security, visibility is critical. “You cannot effectively protect your data if you do not know where it resides,” says Verizon.

Most enterprises plagued by poor data visibility

The report shows that most organizations lack the data visibility tools for effective breach remediation. Hackers gain access more easily than ever, with 93 percent of attacks taking just minutes to compromise the enterprise ecosystem. Yet without the ability to see what’s happening on endpoint devices, 4 in 5 victimized organizations don’t catch a breach for weeks—or longer.

Here’s a look at how data visibility solves many of the major threats highlighted in the 2016 DBIR:

Phishing: See when users take the bait

The report showed users are more likely than ever to fall for phishing. One in ten users click the link; only three percent end up reporting the attack. Instead of waiting for the signs of an attack to emerge, IT needs the endpoint visibility to know what users are doing—what they’re clicking, what they’re installing, if sensitive data is suspiciously flowing outside the enterprise network. The “human element” is impossible to fix, but visibility lets you “keep your eye on the ball,” as Verizon put it, catching phishing attacks before they penetrate the enterprise.

Malware and ransomware: Encryption + endpoint backup

With laptops the most common vector for the growing threats of malware and ransomware, Verizon stresses that “protecting the endpoint is critical.” The report urges making full-disk encryption (FDE) “part of the standard build” to gain assurance that your data is protected if a laptop falls into the wrong hands. Continuous endpoint backup is the natural complement to FDE. If a device is lost or stolen, IT immediately has visibility into what sensitive data lived on that device, and can quickly restore files and enable the user to resume productivity. Plus, in the case of ransomware, guaranteed backup ensures that you never truly lose your files—and you never pay the ransom.

Privilege abuse: “Monitor the heck” out of users

Authorized users using their credentials for illegitimate purposes “are among the most difficult to detect.” There’s no suspicious phishing email. No failed login attempts. No signs of a hack. And for most organizations, no way of knowing a breach has occurred until the nefarious user and your sensitive data are long gone. Unless, of course, you have complete visibility into the endpoint activities of your users. Verizon urges enterprises to “monitor the heck out of authorized daily activity,” so you can see when a legitimate user is breaking from their use pattern and exfiltrating sensitive data.
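The “understand normal, then spot the wrong turn” steps listed earlier, and the advice above to watch for a legitimate user breaking from their use pattern, both come down to per-user baselining. The Python below is an added example, not Code42’s code or anything from the original page; the event fields, destination labels and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from statistics import median

# Constructed sample events: (day, user, destination, bytes_moved).
# Field names and destination labels are assumptions for this example.
EVENTS = (
    [(d, "alice", "server", 40_000_000 + d * 1_000_000) for d in range(1, 15)]
    + [(d, "bob", "server", 25_000_000) for d in range(1, 15)]
    + [(d, "bob", "cloud", 5_000_000) for d in range(1, 15, 2)]
    + [(15, "alice", "server", 52_000_000),      # continues her normal trend
       (15, "bob", "removable", 900_000_000),    # new destination, large volume
       (15, "carol", "cloud", 700_000_000)]      # new user: no baseline yet
)
OFF_NETWORK = {"cloud", "removable"}


def daily_profile(events):
    """Step 1: total bytes and off-network destinations per (user, day)."""
    volume, dests = defaultdict(int), defaultdict(set)
    for day, user, dest, nbytes in events:
        volume[(user, day)] += nbytes
        if dest in OFF_NETWORK:
            dests[(user, day)].add(dest)
    return volume, dests


def find_anomalies(events, today, min_history=7, k=6.0):
    """Steps 2 and 3: baseline each user on prior days, then flag today's outliers."""
    volume, dests = daily_profile(events)
    findings = []
    for user in sorted({u for (u, d) in volume if d == today}):
        # Only days with activity count toward the baseline (idle days are skipped).
        history = [v for (u, d), v in volume.items() if u == user and d < today]
        if len(history) < min_history:
            # Report separately instead of alerting: too little data to judge.
            findings.append((user, "insufficient-baseline"))
            continue
        med = median(history)
        mad = median(abs(v - med) for v in history)
        # Floor the spread so a perfectly steady user does not alert on small changes.
        threshold = med + k * max(mad, 0.1 * med)
        if volume[(user, today)] > threshold:
            findings.append((user, "volume-spike"))
        seen = set().union(*(s for (u, d), s in dests.items() if u == user and d < today))
        for dest in sorted(dests.get((user, today), set()) - seen):
            findings.append((user, f"new-destination:{dest}"))
    return findings
```

Median and median absolute deviation are used instead of mean and standard deviation so that a single earlier spike does not inflate the baseline and hide the next one.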

Forensics: Skip the hard part for big cost savings

The most costly part of most enterprise data breaches—accounting for half of the average total cost—involves figuring out what data was compromised, tracking down copies of files for examination, and other forensic tasks required for breach reporting and remediation. Most often, an organization must bring in legal and forensic consultants—at a steep price. If you have complete visibility of all enterprise data to begin with, including endpoint data, you can skip much of the hard work in the forensics phase. If you already have continuous and guaranteed backup of all files, all your files are securely stored and easily searchable. Modern endpoint backup solutions go a step further, offering robust forensic tools that make it easy and cost-effective to conduct breach remediation, forensics and reporting tasks without eating up all of IT’s time, or requiring expensive ongoing consultant engagement.

See your data, understand your patterns, mitigate your risk

The whole point of the DBIR is to shed light on data to see the patterns and trends in enterprise data security incidents—to mitigate risk through greater visibility. So read the report. Understand the common threats. But make sure you apply this same methodology to your own organization. With the right data visibility tools in place, you can see your own patterns and trends, learn your own lessons, and fight back against the inevitable data breach.

Leaky End Users Star in DBIR 2016

Insider threat once again tops the list of enterprise cyber security threats in the 2016 Verizon Data Breach Investigations Report (DBIR). For the second straight year, Verizon research showed that the average enterprise is less likely to have its data stolen than to have an end user give away sensitive credentials and data—whether unintentionally or maliciously.

From insecure storage, transfer or disposal of sensitive information, to lost or stolen endpoint devices, to intentional data theft and privilege abuse, to simply entering the wrong recipient name in the email address field, the vast majority of breaches can be traced back to end users. “Our findings boil down to one common theme,” said Verizon Enterprise Solutions Executive Director of Global Services Bryan Sartin, “the human element.”

Overall, 2015 trends persist in 2016

The 2016 DBIR pulls trends and insights from more than 100,000 incidents—and 3,141 confirmed data breaches—across 82 countries. Is there anything groundbreaking in this year’s DBIR? Nope. Verizon reports “no drastic shifts” and no “show-stopping talking point.” For the most part, last year’s trends and patterns continued. But to “strike a deceased equine” (as Verizon put it), these persistent trends bear reviewing.

Phishing still works—end users are more likely than ever to click the link

The 2016 DBIR found hackers increasingly targeting devices and people instead of servers and networks, with phishing attacks growing from less than 10 percent of all attacks in 2009 to more than 20 percent in 2015. Why? Because people are more likely than ever to “click the link.” Verizon says 12 percent of people tested will click on a phishing attachment—up from 11 percent in 2014. Also of note: the same study found only three percent of users that receive a phishing email report the attack attempt. The IT department is stuck between a rock and a hard place. More people fall for the scam, and no one gives IT a heads-up.

Privilege abuse is still a top insider threat—with an emerging twist

Traditional privilege abuse involves an internal user stealing or corrupting sensitive data—whether for personal gain or in collusion with an external actor. Verizon noted an emerging twist: external parties with legitimate access credentials (a customer or vendor, for example) colluding with another external actor. Verizon also showed that insider threat detection is extremely difficult in cases of privilege abuse, with most incidents taking months for the enterprise to discover. This year, privilege abuse was the top defined category of cyber security threats, second only to the catchall category of “Miscellaneous Errors.”

Something new: the three-pronged attack

Cybercriminals aren’t just getting smarter—they’re growing more patient. Verizon highlighted what it called the “new three-pronged attack”:

  1. Phishing email lures user to malicious link or attachment.
  2. Clicking the link installs malware that targets a user’s various digital access credentials. Sophisticated malware can even compromise other users’ credentials through this one entry point.
  3. Those credentials are later used in other attacks.

The first challenge here is tracing the subsequent attack back to the initially-targeted user and the original phishing email. The second is figuring out just how deep the attack went—which credentials were compromised and which data may have been exposed or stolen. Playing the “long con” gives cybercriminals a chance to slowly, silently extend the reach of the breach, with users and IT unaware.

Biggest cost: tracking down data during breach recovery

With sophisticated attacks leveraging insider credentials to go deeper and broader, it’s no surprise that the biggest cost of an enterprise data breach comes from the daunting task of forensic analysis. Figuring out what data was compromised, and tracking down copies of the files, puts an enormous strain on IT resources, and accounts for nearly 50 percent of the average total cost of an enterprise data breach.

TL;DR—Breaches are inevitable; data visibility is key

The DBIR is great reading (really—you’re guaranteed a laugh or two), but it’s 85 pages long. Here’s the quick-and-dirty:

  • “No locale, industry or organization is bulletproof.” In other words, breaches are inevitable.
  • Know your biggest threats. Take five minutes to check out the tables on pages 24 and 25, showing incident patterns by industry.
  • “You cannot effectively protect your data if you do not know where it resides.” Breach remediation is crucial. Data visibility is key.

Next, we’ll tackle this last point—why data visibility is essential to effective breach remediation, and how an enterprise can enhance data visibility.
