INTERVIEW OF THE MONTH
INTERVIEW WITH MS. PRATIMA RAM
Fmr Country Head, USA,
State Bank of India.
In your view, how is Digital impacting a rise in Insider Threats and how serious is this problem?
There has been a dramatic increase in the size and complexity of IT in the past few years. Companies’ security groups have not been able to keep up with the dangers posed by the explosion of technology and devices, consequently exposing companies to insider threats coming from employees exploiting legitimate access to an organization’s cyber assets for unauthorized and malicious purposes.
The rise of social media, cloud, mobility and big data is making insider threats harder to identify while also providing more ways to pass protected information. The insider threat has intensified as people have become increasingly mobile and hyper-connected. Nearly every worker has multiple, interconnected devices that can compromise information immediately and at scale. It’s not just personal devices such as smartphones and tablets but also simple devices such as flash drives or phone memory cards that add to the complexity in managing insider threats. Cloud storage and file sharing apps are vulnerable to insider attacks. IT departments generally have not caught up with appropriate defensive strategies.
Social media allows information to leak from a company and spread worldwide, often without the company’s knowledge. Social media also provides opportunities to recruit insiders and use them to access corporate assets by using knowledge gained through social networks to pressure employees.
What are some good practices to mitigate the risk of Insider Threat? How are large enterprises dealing with this issue?
Enterprises need to have a cyber-security policy that describes the user responsibilities and privileges together with user limitations and penalties for violation of the policy.
One of the biggest security threats is employees as they may damage systems either through incompetence or on purpose. This is typically attempted to be mitigated by:
- Employees being given only appropriate rights to systems and limiting access to only business hours.
- Compelling users to make changes to login information periodically.
- When employees are separated or disciplined, removing or limiting access to systems in a timely manner.
- Keeping detailed system logs on all computer activity.
- Physically securing computer assets, so that only staff with appropriate rights can access.
- Users not being permitted to attach unauthorized devices on their PCs or workstations.
- Users not being permitted to download unauthorized software from the Internet onto their PCs or workstations.
- Downloading of company data / information restricted to specific devices only.
- Restricted Internet access to employees and contractors connected to the internal network.
- Regular monitoring of electronic information created and/or communicated by persons using company computer systems and networks, including e-mail messages and usage of the Internet, including patterns of usage of the Internet (e.g. sites accessed, on-line length, time of day access), and usage by employees of electronic files, messages and access to data.
Large enterprises generally put in place a cyber security policy, which is a formal set of rules by which people who are given access to company technology and information assets must abide. Company users (employees, contractors and other authorized users) are informed of their obligatory requirements for protecting the technology and information assets of the company. There is ongoing monitoring by the IT team, which coordinates with HR when there is a breach by the employee.
What kind of change management is required to be done within enterprises as they execute a risk mitigation plan?
In view of the dramatic increase in the size and complexity in technology and devices, there need to be more discussions at senior management and at Board levels on processes and execution of security measures for protecting the company’s data and assets. Many organizations do admit that they do not have adequate safeguards to detect or prevent attacks involving insiders. Apart from having a robust and well implemented cyber security policy, it is important to raise awareness about likely threats so that people can detect them and be on guard against anyone who tries to get their assistance to breach cyber security. Companies can encourage employees to report unusual or prohibited technologies (for example, a portable hard drive in an office where employees normally access data and software via the network) and behavior (an unauthorized employee or vendor asking for confidential data files).
Insiders who knowingly participate in cyber attacks have a broad range of motivations: financial gain, revenge, desire for recognition and power, response to blackmail, loyalty to others in the organization, and political beliefs. Hence it is important to look out for possible threats while hiring as well as during the tenure of the person with the company.