Hackers feed on lack of employee awareness: Rudra Murthy, Digital India

Watch the complete session here

Organizations today mainly focus on external threats—they boost their end-points with anti-virus protection and strengthen their perimeter with next-gen firewalls. But analysts and industry leaders have now started believing that insider threats, whether inadvertent or malicious, may pose a greater risk to an organization.

Rudra Murthy, CISO, Digital India at Ministry of Home Affairs defines insider threat as, “An employee–current or former–having an authorized access to an organization’s network and data, and misuses that in a manner, which negatively affects the confidentiality and integrity of the organization’s information.”

According to reports, highlighted by Murthy, majority of Indian organizations feel vulnerable to insider threats much more than external breaches. “74 percent respondents believe that inadvertent data breaches are a bigger threat than negligent and malicious data breaches,” he says.

Read more: How companies can deal with insider data theft

Usually criminals and hackers are interested in customer data, sensitive data, and intellectual property. The hacker usually aims to attack the network, endpoints and mobile devices of a business. This happens because of the lack of employee awareness, insufficient data protection strategies, and dynamic and large scale endpoint device with sensitive data access.

To deal with these issues Indian organizations are now deploying instructor/LMS, DLP protection, BYOD, encryption management, and identity and access management.

To combat these risks, organizations require to deploy a holistic approach to security, and need to convince employees, management and top executives the importance of internal threats.

Murthy believes that insider threats are more difficult to prevent because usually insiders don’t always threaten the company’s data security and integrity intentionally. In fact many insider data breaches are completely unintentional.

To combat these risks, organizations require to deploy a holistic approach to security, and need to convince employees, management and top executives the importance of internal threats.

“This year the computer security industry, with $75 billion in annual revenue, has started to talk about how machine learning and pattern recognition techniques will improve the woeful state of computer security,” says Murthy.

On a geographic basis, North America is by far the largest region for cognitive/AI spending with 2016 revenues approaching $6.2 billion. Europe, Middle East and Africa will remain the second largest region throughout the forecast, but cognitive/AI revenues from Asia and Pacific region including Japan will nearly close the gap with EMEA by 2020.

The solution to these insider threats do not always lie in advanced technologies or carefully crafted policies. Sometimes the best remedy is good people management and straightforward conversations with employees. Fostering a strong culture of security and mutual respect in organizations will mitigate such issues.