It is no secret that the most common factor behind data breaches in an enterprise is the insider threat. By some estimates, more than 40% of breaches occur due to threats from within an organization, and if unofficial or unreported figures are to be believed, this figure can rise to an astonishing 75% or more. A breach by a criminal organization or nation-state attacker obviously receives more coverage than an insider breach, which is why insider breaches do not make headlines. But security experts are of the opinion that insider data breaches have more far-reaching effects, owing to low detection capabilities and high potential impact.
Insider data breaches may be intentional or unintentional. An employee may upload sensitive data to a public domain by mistake, or a poorly designed cloud security protocol may lead to the unintentional disclosure of confidential enterprise data. Then there is the case of the disgruntled employee, who might attempt to gain access to a target system and download all the information, either to a personal device or to a personal cloud account, without leaving any physical trace. It is also possible that an insider may be persuaded, through extortion or for financial gain, to obtain information or to help someone gain backdoor entry into the data system.
One of the greatest advantages of the cloud platform is its virtually unlimited accessibility, which turns out to be its nemesis as well. With weak credentials or improper blacklisting of sources, an insider can access sensitive data over the internet. An account that was left behind by a previous employee, and that the admin forgot to delete, can also be a source of insider data breach without any need for physical network access. Account lifecycle management therefore becomes imperative for an enterprise as the data it holds grows in volume and significance.

Scalability and flexibility are precisely why enterprises shift their data to cloud services. These services communicate with each other using an application program interface (API) key. This key serves not only for identification but also to secure data through complex passwords. Changing an API key requires that all the associated systems be integrated with the new key simultaneously, and since this task is tedious, API keys are left unchanged for longer than necessary. As a result, an admin who leaves the enterprise retains full access to the service until the API keys are changed. So API key management is vital to preventing insider data breaches in an enterprise.
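The two checks described above, as an added example that is not part of the original article: it compares accounts and API keys against the current staff roster to find enabled accounts of departed employees and keys that are overdue for rotation or known to someone who has left. The roster, account and key records, the `known_to` field and the 90-day limit are all constructed assumptions.

```python
from datetime import date

# Constructed sample inventory (hypothetical names, not from the article).
ACTIVE_STAFF = {"alice", "bob"}                 # current HR roster
ACCOUNTS = [
    {"user": "alice", "enabled": True},
    {"user": "carol", "enabled": True},         # left, account never deleted
    {"user": "dave", "enabled": False},         # left, account disabled
]
API_KEYS = [
    {"id": "key-billing", "created": date(2024, 1, 10), "known_to": {"alice", "carol"}},
    {"id": "key-backup", "created": date(2025, 5, 1), "known_to": {"bob"}},
    {"id": "key-crm", "created": date(2025, 4, 20), "known_to": {"dave"}},
]
MAX_KEY_AGE_DAYS = 90                           # assumed rotation policy


def orphaned_accounts(accounts, active_staff):
    """Return enabled accounts whose owner is no longer on the roster."""
    return [a["user"] for a in accounts
            if a["enabled"] and a["user"] not in active_staff]


def keys_needing_rotation(keys, active_staff, today, max_age_days=MAX_KEY_AGE_DAYS):
    """Map key id -> reasons it must be rotated.

    A key is flagged when it is older than the policy allows, or when anyone
    who had access to it has left, since it stays valid until it is changed.
    """
    findings = {}
    for key in keys:
        reasons = []
        age = (today - key["created"]).days
        if age > max_age_days:
            reasons.append(f"age {age}d exceeds {max_age_days}d")
        departed = sorted(key["known_to"] - active_staff)
        if departed:
            reasons.append("known to departed: " + ", ".join(departed))
        if reasons:
            findings[key["id"]] = reasons
    return findings


if __name__ == "__main__":
    today = date(2025, 6, 1)                    # fixed date so output is repeatable
    print("Orphaned accounts:", orphaned_accounts(ACCOUNTS, ACTIVE_STAFF))
    for key_id, why in keys_needing_rotation(API_KEYS, ACTIVE_STAFF, today).items():
        print(f"Rotate {key_id}: {'; '.join(why)}")
```

Note that `key-crm` is flagged even though it is only 42 days old: a departure should trigger rotation regardless of key age.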
Machines make use of behavior analytics to inspect data for irregular or doubtful user behavior. Security protocols can be customized to alert the admin when there is a sudden download of a large amount of sensitive data, or when data is shared between multiple systems within short periods of time. Data loss prevention (DLP) solutions scan transferred files for keywords, content and classifications. Based on the configured policies, the system can inspect, alert on, block, alter or delete sensitive data before it leaves the database and the network within an enterprise, thus preventing insider data breaches. CASB solutions provided by known Cloud Access Security Brokers include such cloud security protocols.
As in all classic cases, prevention is better than cure. But the unpredictability of human behavior poses challenges for maintaining data security. Policy enforcement that incorporates permission reviews, separation of duties, least privilege, regular account reviews, API key management and so on is therefore especially critical when dealing with insider threats. CASB solutions, when deployed, can impose restrictions and policies whose violations are reported, so that immediate action can be taken to prevent the harm of insider data breaches.
The insider threat is a grave problem, and every enterprise has to address it without neglecting the security aspect. Proper detection systems have to be in place, and the right access has to be provided to the right people, so that the work done in an enterprise is creative and not destructive. Such a security cocoon can be obtained by deploying efficient CASB solutions.