Computer security experts claim that as many as 90 percent of all data security breaches are not discovered by the organization experiencing the breach, but are in fact discovered by third-parties. For example, in the recent breach of mass retailer Target, the problem was discovered not by the company or any of its customers, but instead by a third-party security agency charged with monitoring the network.
The fact that so few organizations actually catch suspicious or criminal activity on their networks highlights a common problem today: Most companies treat anything within the network as trusted, and only inspect traffic coming from outside the network for security risks. The motivation behind this is simple, as network administrators assume that anyone who has the proper credentials to access the network must not be there for nefarious purposes. They (justifiably) put absolute faith in their antivirus protection, firewalls and cloud computing security protocols, and feel confident that they are keeping the “bad guys” out. This is a great first step, but there’s an additional problem.
Sometimes, the “bad guys” are on the inside.
Internal Threats Are the Biggest Threats
To date, investigators have not revealed how the malware responsible for the Target breach found its way onto the network. However, some have speculated that a Target employee — most likely inadvertently — was the source of the breach.
Why would experts blame an employee? Because as many as 70 percent of all data breaches stem from internal sources. A small number — about 12 percent — are deliberate breaches caused by disgruntled employees who steal information or deliberately install malware to compromise the network. The rest either fall victim to viruses or social engineering scams, or cause the breach through accidental misuse or by losing a mobile device or laptop. In other words, there’s a good chance that someone associated with Target made an error that allowed the malware to infiltrate the system.
Because internal threats are such a problem, a new report from Forrester Research recommends that information security experts begin paying more attention to what is happening within the confines of the network. In addition to constantly strengthening the perimeter and blocking threats from the outside, organizations need to do more to strengthen internal networks and monitor internal network traffic for anomalies and suspicious activity. Known as a “zero-trust” environment, this model assumes that anyone is capable of creating a security breach, and monitors activity more closely to stop a breach before it starts. In short, it means that absolutely no one can be trusted — even your employees — and every activity on the network should be treated as potentially suspicious.
Monitoring, Logging and Segmenting
The cornerstone of a zero-trust environment is limiting access to the network. In many organizations, employees have unfettered access to everything, or at the very least, access to areas that they do not need to use. Instead, experts recommend giving employees controlled access to only the data they need. Not only does that keep the data safe should the employee decide to share it, it also limits the damage should that employee become the source of a malware attack.
However, locking the doors to the forbidden rooms isn’t enough. Zero trust also means monitoring what employees are doing in authorized areas. Logging employees’ patterns of access and activities allows for red flags when something goes wrong. Imagine, for example, an employee who accesses a database that he or she rarely accesses — and begins to download the entire thing. Such activity would launch an investigation to determine whether the activity was legitimate or not.
Finally, zero trust also requires relying more heavily on internal logs, and reviewing them on a regular basis. According to one study, in 87 percent of recent data breaches, internal data logs revealed the breach long before the security team discovered evidence of it. Regular log reviews would also reveal incidents of employee misbehavior that may have been otherwise missed.
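The scenario above (a user who rarely touches a database suddenly pulling a large volume from it) is exactly the kind of red flag a routine log review can surface. The following is an added example, not code from the article or from Forrester; the access log is constructed, and the "rare" and "volume" thresholds are assumptions that a real deployment would tune per environment.

```python
"""Flag rare-database access combined with a bulk read, from access log entries."""
from collections import Counter, defaultdict

# Constructed sample log: (user, database, rows_read). BASELINE is the
# historical activity used to learn each user's habits; TODAY is reviewed.
BASELINE = [
    ("alice", "sales", 120), ("alice", "sales", 80), ("alice", "sales", 200),
    ("alice", "sales", 150), ("alice", "sales", 90), ("alice", "sales", 110),
    ("bob", "hr", 40), ("bob", "hr", 55), ("bob", "hr", 30),
    ("bob", "hr", 45), ("bob", "hr", 60), ("bob", "hr", 35),
]
TODAY = [
    ("alice", "sales", 130),               # routine: frequently used database
    ("bob", "customer_cards", 2_000_000),  # never-used database, huge read
    ("alice", "hr", 5),                    # never-used database, tiny read
]

def build_baseline(events):
    """Count accesses per (user, database) and collect each user's read sizes."""
    counts = Counter()
    user_reads = defaultdict(list)
    for user, db, rows in events:
        counts[(user, db)] += 1
        user_reads[user].append(rows)
    return counts, user_reads

def median(values):
    s = sorted(values)
    n = len(s)
    return s[n // 2] if n % 2 else (s[n // 2 - 1] + s[n // 2]) / 2

def find_anomalies(baseline, new_events, rare_max=1, volume_factor=10):
    """Alert when a user reads from a database they have accessed at most
    `rare_max` times before AND the read is `volume_factor` times larger
    than that user's median read size. Both conditions must hold, so a
    small peek at an unfamiliar database is not flagged on its own."""
    counts, user_reads = build_baseline(baseline)
    alerts = []
    for user, db, rows in new_events:
        prior = counts[(user, db)]
        typical = median(user_reads[user]) if user_reads[user] else 0
        if prior <= rare_max and rows >= volume_factor * max(typical, 1):
            alerts.append({"user": user, "database": db, "rows": rows,
                           "prior_accesses": prior, "typical_rows": typical})
    return alerts

if __name__ == "__main__":
    for a in find_anomalies(BASELINE, TODAY):
        print(f"ALERT: {a['user']} read {a['rows']} rows from {a['database']} "
              f"(prior accesses: {a['prior_accesses']}, typical: {a['typical_rows']})")
```

An alert here is a trigger for the investigation the article describes, not proof of wrongdoing; the same pattern can be a legitimate one-off report.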
As networks grow and evolve, and new technologies like cloud computing and virtualization become commonplace in today’s enterprises, it’s more important than ever to place a top priority on security and take steps toward securing vulnerable data. It’s no longer enough to assume that the cloud service provider is going to take care of security, or that employees are always going to keep security at the forefront of their activities. For those reasons, a zero-trust environment is vital, for when you trust no one, you spot anomalies and problems sooner and avoid costly data breaches.