Human Error to Intentional Misdeeds: From Downtime to Disaster
The hot news lately has been about the compromise of networks by outside intruders. The facts show that internal breaches, whether intentional or accidental, done innocently or with malicious intent, comprise nearly half of all hacks. Here are a few statistics:
43% of data breaches are internal, according to a recent Intel study. While external breaches still count for over half of all attacks, and are also growing, internal data breaches account for almost half of the total.
And according to the Breach Level Index 61 records are breached every second worldwide.
And yet not all internal network security problems are intentionally caused. Still the result can be the same – network downtime, stolen private records, and substantial damage to brands, whether they are retailers (like Target) or service providers (like Equifax).
An algorithmic approach, leveraging software and policy, can significantly reduce the number of breaches that occur by accident. To be able to prevent the errors and take real-time actions, enterprises and service providersshould have man-in-the-middle applications control and verify any action taken, by any command sent to the infrastructure.
Moreover, user behavior analytics is the next step once you are in-the-middle. The problem is not simply employees making mistakes or having ethical issues, but their psychology as well. For example, measures should be in place to prevent a desperate individual, who may one day be intoxicated, from retaining access and rights to make changes in the network.
A solid Identity Access Management platform as part of enterprise and service provider networks, including Privileged Access Management and Privileged Task Management (which is more automated), equipped with user behavior controls, time and date restrictions and geo-fencing, can reduce not only accidental but intentional disruption and deception.
Given our digital economy, corporate data is extremely valuable and increasingly monetizable by criminals. Just knowing that certain networks have oversight into every action taken on the network will deter criminals, and prevent “accidents.”
Even the most disgruntled employees can be managed with a solid access governance strategy, with proven processes, software and policy in place to ensure nobody can get into a network and cause trouble – without, at the very least, being caught and prosecuted with highly credible evidence.
Intel’s recent report also revealed that in 68% of data breach incidents, the data exfiltrated from the network was serious enough to require public disclosure or have a negative financial impact on the company. The same was true for 70% of incidents in smaller commercial organizations, and in 61% of breaches in enterprises. That is a huge number!
This statistic may be the scariest of all. Information Technology and Operations Technology teams are being held to account on protecting their company’s most valuable asset – trust. Breaches can have a massive negative financial impact on companies, and this will only increase and more and more enterprises are transforming to digital companies.
Secure from the inside out – that’s what it means to Protect What You Connect TM.
Author: Onur Semih Sevim