Although data breaches, insider threats and advanced persistent threats remain key risks for enterprises, on the technical side these organizations do not seem to lack viable solutions. Spending on cybersecurity has been rising around the world, with many of the largest public and private sector firms investing in endpoint and network security upgrades.
Cybersecurity spending rising to deal with increasing variety of threats
For example, the U.S. Department of Defense is expected to increase its cybersecurity outlays steadily until 2020, at about a 6.5 percent compound annual growth rate, according to Market Research Media. Over the same time period, expect banks like JPMorgan Chase to also ramp up their efforts in cybersecurity. The institution already spends more than $250 million a year in this area, but the amount is set to double following a limited systems breach over the summer.
In Thailand, Trend Micro regional country manager William Tan recently announced that cybersecurity spending has grown at least 15 percent across the nation so far in 2014. Procurement of mobile, cloud computing and custom defense technologies drove the uptick, as organizations looked to fend off sophisticated threats. The current environment is undoubtedly challenging:
- Through July 2014, Trend Micro estimated that 10 million records had been compromised in 400 breach incidents. Victims have included high-profile consumer companies such as Feedly, Evernote and eBay.
- Online banking malware has been on the rise, with 116,000 new samples observed in the second quarter of 2014. This number is up slightly from 113,000 in Q1 2013 and, along with the JPMorgan Chase intrusion, underscores the growing pressure on banks.
- Social engineering is all over the place. Events such as the 2014 FIFA World Cup in Brazil have been used as hooks for numerous scams that try to extract sensitive information from Web and mobile device users.
Covering all bases: Dealing with communication and trust issues as part of cybersecurity
Given the risks that are out there right now, it’s natural that many enterprises are spending more to shore up their defenses. However, having the best possible endpoint software and other solutions is just the start of a solid cybersecurity strategy. Experienced personnel, consistently enforced policies and clear communication between teams are also integral to protecting data and systems from cyberattacks.
We mentioned insider threats at the outset of this piece. The stereotypical view of the problematic insider is someone who is disgruntled or ill-intentioned. Such a person might try to scrape data from a PC using a USB stick, or intentionally use a consumer-grade application for tasks that require enterprise-grade security.
To get a sense of what impact an insider can have, look no further than Edward Snowden’s revelations about the inner workings of the U.S. National Security Agency. His is an exceptional case, certainly, but it is instructive as to how vulnerable even some of the world’s most apparently secure firms can become if someone on the inside misuses privileges. The 2014 Verizon Data Breach Investigations Report found that while insider threats still trailed external threats, they were closing the gap. Eighty-five percent of insider-initiated incidents involved the corporate LAN, while 22 percent affected physical access.
Not all insiders are malicious, though. In many cases, a normal employee doing his or her job can court danger when using everyday applications such as email or productivity software. Issues on this front often arise from poor communication about responsibilities, compounded by the ongoing consumerization of IT. On the latter subject, research compiled by Egnyte in early 2014 found that for 78 percent of companies, twice as many bring-your-own-device endpoints were connected to their networks as two years earlier. Simply put, there’s more opportunity than ever for something to go wrong.
“The No. 1 most significant risk to every organization is your well-intentioned, non-malicious insider who is trying to do the right thing for the organization and makes a stupid mistake – [maybe] they’re working too quickly, they send something to their Gmail account so they can work on it over the weekend,” Jay Leek, chief security officer at Blackstone Group LP, told The Wall Street Journal.
The Trend Micro TrendLabs document “Embracing BYOD: Are You Exposing Critical Data?” outlined several vectors, other than Gmail transfer, for how such data leakage could occur. Possibilities include:
- Cloud-based note taking, document sharing and data storage applications, which are increasingly used on mobile devices. It can be easy to put corporate information into a personal app as part of a routine workflow.
- Unattended smartphones, tablets and PCs. Devices that are left out in the open can be stolen or accessed while a session is still live.
- Unsecured connections. Public and home Wi-Fi networks are ubiquitous, but they don’t offer the safety afforded by VPNs or other secure channels.
Coming to terms with insider risks and miscommunications
Stepping back, one of the reasons to take insider misuse seriously is that it is, in a way, the unfortunate offshoot of sensible corporate strategy. Many enterprises have embraced BYOD and the cloud in large part as ways to trim the costs of device and data management. Still, what’s good for the business at large may not always be best for cybersecurity, leading to the miscommunications that can put people and information at risk.
Moreover, even when employees do their jobs to the best of their abilities, there may be problems for their companies’ overall security posture. The upcoming battles over mobile payments, for instance, could have thousands of cashiers in the U.S. helping customers use relatively unsafe technologies such as CurrentC to complete transactions, despite safer alternatives like credit cards, Apple Pay and Google Wallet being available.
Enterprises must start from a strong technical base, covering the network and endpoints, and then ensure that they have clear policies in place for governing company assets. External threats can often be curtailed with better technology, but insider threats require smart management and attention to detail.