Insider security threats, where company information or accesses are breached either knowingly or unknowingly, through existing company accounts, are a massive threat today.
The Verizon 2019 Data Breach Investigations report says that 34% of all breaches in 2018 were caused by insiders. While statistically that’s only one third, the potential for insider damages, especially as these often go undetected, are exponentially higher. If you think you are covering most of your bases by securing yourself against external attacks, think again. An insider breach might be less likely to happen, but the dangers are far greater.
According to the same report, the average cost to a business of an insider breach is large – almost $9m a year, in 2018, and rising. For small and medium businesses, this can often mean complete insolvency and closure.
How long does it usually take to identify an insider breach? The 2018 Cost of a Data Breach Study by the Ponemon Institute found that a company needs on average 197 days to identify a breach and 69 days to contain it. That’s almost an entire year during which internal systems continue to remain open to the breach.
Most insider breaches are simply a result of careless employees. Login credentials stored in documents for quick reference, installation and use of unauthorized apps, and so forth. Access to applications and entitlements that a user no longer needs, but still has.
Like most vulnerabilities, these exploits are due to natural vulnerabilities due to users themselves, not from deep rooted vulnerabilities in systems that are generally well engineered to be secure.
The solution, therefore, at this stage, is not overly complex, but rather simple.
A high-quality Single Sign-on product with full User Lifecycle Management (ULM) capabilities is your best line of defense. When the vulnerability lies not on an architecture level but on the process level, it is company processes and policies that need to be better managed. A comprehensive ULM product essentially ensures that employees (and contractors, managers, etc.) have just the necessary access and no more. When moving between job roles, promotions or transfers, and when employees quit or are fired, the system is more vulnerable. A powerful ULM solution will ensure that accesses which are no longer appropriate for a person are promptly revoked.
Sometimes an employee leaves an organization her access to some applications continue to exist. These orphan accounts pose the most dangerous insider threats because they can be used without detection and without any trace to a real person. Such accounts must also be detected and removed promptly.
How does management know whether to grant access to a specific person, or to revoke their access, or whether granting an access will create a situation in which the employee has the potential to cause significant harm to the business? For instance, you might trust your Finance Administrator deeply for he or she has been loyal and has been with your company for 20 odd years. Still, if she was allowed both to issue as well as cash cheques by your organization, and if someone gained access to her accounts, they could write a company check and cash it to themselves and nobody would be the wiser.
To battle all this, as well as solve other kinks in user access issues, a product like Cross Identity CI is ideal.
Most products offer only one or a few components of
IAM. A market leader in SSO might not offer or only offer poor ULM and Orphan Account Management capabilities. But, Cross Identity CI is the only full-suite IAM solution with comprehensive capabilities in all the different IAM functions. It has been developed with over 20 years of experience dealing with IAM and IAM installations for all sizes and classes of businesses and is truly capable of being your partner in the battle against insider threats.
Available on the cloud, CI is the worlds most affordable, complete and simple IAM solution.