End-User Security Risks—Mitigating Insider Threats to Enterprise Security

Full visibility into user behavior and understanding normal activity can help identify threats, but knowledge of applications is also essential.


IBM and IDG Content

Whether a user’s credentials have been stolen, or external partners have been compromised, any user with network access is a potential risk to enterprise IT security.

We’re not just talking about disgruntled employees here: Attackers continue to use social engineering tactics to steal credentials by leveraging personal information from social networking sites. And more sophisticated phishing attacks continue to trick end users into clicking on malicious links and attachments. In fact, the IDG 2017 U.S. State of Cybersecurity Survey revealed that 28% of “insider” security incidents were attributed to unintentional or accidental reasons.

The answer lies in part with visibility. As employees move into, around, or out of an organization, IT professionals may struggle to know who has the right access to which applications. “The challenge is keeping track of which users have what privileges, are those [privileges] retained as people take on different roles, and is it removed after they leave,” said Dustin Hoff, partner and global competency leader, Identity and Access Management, IBM North America.

In short, IT and security leaders need to monitor all data across all applications to see the behaviors of each user.

To generate a complete picture of access, and to design a security architecture that delivers increased visibility across both internal and cloud applications, Hoff and others offer these five tips.

  • Application inventory. The prerequisite to designing the architecture is knowing what is running across the environment. It’s good practice for companies to know all the applications or systems in their environments, but Hoff says it’s critical to identify the gaps. “The first thing they want to understand is their landscape—where does their sensitive data sit within that landscape, and who has access to it?” he says.
  • A centralized repository. Bringing all applications into one central location makes it easier to analyze and manage all the data. Individual access management systems may only provide some visibility to certain applications, but a centralized repository delivers comprehensive visibility, making it easier to implement identity access controls.
  • Principle of least privilege. Setting access controls for internal users is challenging because most users need some level of access to sensitive information in order to perform their job duties. But users should only have the bare minimum access they need to do their jobs. “We can’t remove [user] access and have them do their jobs. We have to be thinking about the balance between security and user experience because 99% of users are not malicious,” Hoff says.
  • Determine normal user behavior patterns. Because intruders can access the network with stolen credentials, many IT professionals have adopted user behavior analytics technologies to identify activity patterns. Once that baseline of normal is set, these technologies can monitor for anomalies. Here’s an example: when a user who normally logs into the US office between 9 and 5 ET signs onto the network from China at 2 AM, the system detects the abnormality.
  • User education. Making security everyone’s responsibility is part of a good security strategy. All too often people want to believe that technology is the answer to all security problems, but making security part of the culture by simulating attacks, educating users, and creating a culture of awareness can help prevent breaches.
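The baseline-and-anomaly idea in the fourth tip is easy to sketch in code. The following is an added example, not code from IBM, IDG, or any user behavior analytics product: it builds a per-user profile of login countries and login hours from a few constructed log lines, then scores new logins against that profile. The log format (`<UTC timestamp> <user> <country>`), the user names, and the one-hour slack are all assumptions made for the example. Note that timestamps are compared in UTC, so the “2 AM in China” login from the article lands inside the user’s normal UTC hours; it is the unfamiliar country, not the hour, that flags it.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed history of successful logins: "<ISO-8601 UTC timestamp> <user> <country>".
# alice works US business hours (roughly 14:00-22:00 UTC in winter); bob is in Germany.
HISTORY_LOG = """\
2025-02-03T14:02:00Z alice US
2025-02-03T17:45:00Z alice US
2025-02-03T21:10:00Z alice US
2025-02-04T14:15:00Z alice US
2025-02-04T21:30:00Z alice US
2025-02-03T08:00:00Z bob DE
2025-02-04T12:05:00Z bob DE
"""

# Constructed new events to score. 18:00 UTC is 02:00 the next day in China (UTC+8).
NEW_LOG = """\
2025-02-10T18:00:00Z alice CN
2025-02-10T03:00:00Z alice US
2025-02-10T12:30:00Z bob DE
2025-02-10T12:30:00Z mallory DE
"""


@dataclass(frozen=True)
class Login:
    user: str
    when: datetime   # timezone-aware, normalized to UTC
    country: str     # country attributed to the source IP (constructed here)


def parse_login(line: str) -> Login:
    """Parse one log line in the assumed '<timestamp> <user> <country>' format."""
    ts, user, country = line.split()
    when = datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)
    return Login(user, when, country)


def build_baseline(history: list[Login]) -> dict:
    """Per-user profile: the set of countries and the set of UTC hours seen in history."""
    baseline = defaultdict(lambda: {"countries": set(), "hours": set()})
    for e in history:
        baseline[e.user]["countries"].add(e.country)
        baseline[e.user]["hours"].add(e.when.hour)
    return dict(baseline)


def _hour_distance(a: int, b: int) -> int:
    """Distance between two hours on a 24-hour clock (23 and 0 are one hour apart)."""
    d = abs(a - b)
    return min(d, 24 - d)


def anomalies(baseline: dict, e: Login, hour_slack: int = 1) -> list[str]:
    """Return the reasons a login deviates from the user's baseline (empty list = normal)."""
    profile = baseline.get(e.user)
    if profile is None:
        return ["unknown_user"]          # no history at all: never seen this account log in
    reasons = []
    if e.country not in profile["countries"]:
        reasons.append("new_country")    # first login from a country not in the profile
    if all(_hour_distance(e.when.hour, h) > hour_slack for h in profile["hours"]):
        reasons.append("off_hours")      # no previous login within hour_slack of this hour
    return reasons


def score_log(history_text: str, new_text: str) -> dict[str, list[str]]:
    """Build the baseline from history_text and score every line of new_text."""
    history = [parse_login(l) for l in history_text.splitlines() if l.strip()]
    baseline = build_baseline(history)
    return {l: anomalies(baseline, parse_login(l)) for l in new_text.splitlines() if l.strip()}


if __name__ == "__main__":
    for line, reasons in score_log(HISTORY_LOG, NEW_LOG).items():
        print(f"{line:40s} -> {reasons or 'normal'}")
```

A real deployment would feed the profile with far more history, add other signals (device, impossible travel between two logins, failed-attempt bursts), and send the flagged events to an analyst or to a step-up authentication flow rather than printing them; the structure, a per-user baseline compared against each new event, is the same.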
