Ben Hatton Data center insider threats (and how to prevent them)

August 13, 2015 by · Leave a Comment 

The threat of data breaches and data theft have been in the news a ton lately, and we’ve written a lot about it as well. Much of the assumption is that these threats primarily come from outside of an organization, and while that’s true, a sizable and growing percentage are what can be considered as ‘insider threats’ from a company’s own employees or contractors they are working with. Insider threats

Quick definition

An insider threat can most often be defined as an intentional act by an employee to steal or destroy sensitive company data. Whether it is a disgruntled employee who has been terminated, or an employee or contractor wanting to make money off of sensitive data, this type of threat is very real, and a recent study shows just how big of a deal it can be.

Insider attacks are on the rise

A recent study of over 500 security professionals by Vectra and Linkedin showed me some insights into just how prevalent this type of threat is, and I believe a lot of this information is definitely worth digesting if you are a company that relies on a large amount of sensitive data on a daily basis. I’ll start off with a few of what I found to be the most relevant findings from the study (PS: you can view the study in its entirety here).

Here are my 3 biggest take-aways:

  1. 62% of the security pro’s who participated in the study said that they have seen instances of insider attacks increase in frequency over the past year.
  2. Less than 50% of the organizations surveyed have policies or monitoring in place to help prevent against insider attacks.
  3. The specific types of data that are the most vulnerable are customer data, intellectual property, and corporate financial data.

Your biggest take-away: managing who has data center access

These stats as well as others from this report clearly indicate that your business data has the potential to be susceptible to threats from inside your organization, and that lessening the risk from these types of threats should be a priority. There are a number of ways that this can be done from a policy standpoint, which I’ll look at in a future blog post (stay tuned!), but a big thing that we advocate at Data Cave is monitoring and managing who has access to your colocated equipment at any given time.

For many of our colocation clients, this involves receiving reports from Data Cave of which employees have access to their server equipment at regular intervals (once a month, for example). This way, they can always have accurate information on who should be accessing their data and equipment, and they can also make adjustments as people leave the company, or new people come on board.

Another big thing we often recommend to our clients is to reach out to Data Cave as soon as possible in the event that an employee leaves the company, so that their data center access can be revoked. A disgruntled former employee who has access to IT equipment and sensitive data can easily become a security risk, and ensuring that their data center access is immediately revoked will help to prevent this from becoming a serious threat.

Insider threats certainly aren’t a guarantee for every company, but they are always a possibility as evidenced by this report. Taking steps now can help ensure that your data can be better protected in the event of any such threat.

 

Share this with your friends!

Share on Facebook Share on Twitter Share on LinkedIn Share on Google+

 

Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!