Written By,
Threat Management Leader, IBM Security India – South Asia
At the recently concluded SME Venture Cybersecurity Summit 21, presented by IBM Security, we invited Bob Kalka, Vice President, Technical Sales, IBM Security.
Bob shared his experiences and learnings on how organizations globally are going fearless with Zero Trust, and why Indian organizations need to adopt a Zero Trust approach to cybersecurity.
You may listen to what he had to say here.
Mr. Kalka highlighted four key use cases that he sees the most focus on globally:
- Protect remote workforce
- Reimagine hybrid cloud security
- Address rising insider threats
- Preserve customer privacy
Since then, we have done chapters on each of these use cases.
In the chapter on September 3rd, we brought in a panel of eminent cybersecurity experts to discuss insider threats.
The discussion validated my belief that insider threats indeed are a huge concern, and their peril has intensified with remote work and cloud adoption.
The key point that came out of the panel discussion was that, as insider threats grow in frequency and severity, a zero-trust approach can help tackle them.
I will attempt to summarize our discussion in this short blog. I encourage you to watch the recording.
The panel first focused on how the danger of insider threats increased sharply during the pandemic. The panel identified two key reasons:
- Remote workers: Organizations had to enable employees to work remotely during the pandemic, sharply increasing the number of endpoints IT teams had to support, most of them outside the corporate network. This reduced the visibility IT and security teams have into user activity.
- Cloud: More and more organizations rely on cloud services. This has blurred the network boundary and, with it, where the organization's security responsibility starts and where the provider's finishes.
For the record, the number of insider threats increased by a whopping 47% between 2018 and 2020*.
But why are insider threats dangerous?
Everyone on the panel believed that insider threats are more dangerous than external threats. This is not difficult to fathom: insiders have access to sensitive information as part of their routine, and may even know how that information is guarded by the IT and security teams. Because their activity looks like legitimate use, they can misuse that access without leaving the evidence of intrusion an external attacker would.
What is more daunting is that insiders may have no intention of compromising security and can still create a security scare or introduce a threat, for example by plugging in an unvetted USB drive.
Moreover, insider threats are difficult to detect, and it can take more than two months to contain an insider incident. In fact, 87% of incidents could be contained only after more than 30 days.
One more point the panel was unanimous on is that a key focus of addressing insider threats must be identifying user behavior that deviates from the normal.
This is particularly important for privileged users such as network engineers, IT security professionals, IT auditors, database and systems administrators, developers, and data center managers. These users can modify or delete data, including the audit logs that would otherwise record their actions, and can often reach corporate resources and other sensitive information beyond what their job requires. That combination of reach and the ability to cover tracks makes their accounts frequent targets of APT attacks.
In fact, 40% of insider incidents involved an employee with privileged access to company assets.
To tackle insider threats, your security team needs the ability to detect, investigate and respond to these potentially damaging attacks quickly and accurately.
We at IBM Security believe that a zero-trust approach, which provides adaptive and continuous protection for users, data, and assets, gives organizations the ability to manage insider threats proactively.
A zero-trust strategy helps through a three-pronged approach:
- Enforcing least-privilege access: The zero-trust principle of least privilege ensures users have only the lowest access level needed to carry out their duties, which lowers the chance that an insider gains unintended access to data or assets. For privileged accounts this is typically enforced with a privileged access management (PAM) solution. Surprisingly, PAM is the second-most underutilized tool for reducing insider threats: only 39% of the organizations interviewed had deployed it.
- Discovering risky user behavior: One of the key challenges with the current model is limited visibility into user behavior patterns across devices, systems, and data. You need to monitor user activity across assets, identify behavior that deviates from each user's normal pattern, and trigger an automated response when it does. By adopting a user-focused view, correlating a user's activity across all assets rather than looking at each system in isolation, a zero-trust approach can detect behavior anomalies quickly and manage user risk from a centralized location.
- Embedding threat intelligence: Insider threat detection is not primarily about "known bad" indicators, yet existing threat intelligence is largely limited to known bad actors. It still has a role when embedded in that user-centric view: a behavioral anomaly that coincides with, say, a connection to a known malicious destination is a far stronger signal than either observation on its own.
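The first two prongs, least-privilege enforcement and detection of behavior that deviates from a per-user baseline, as an added example in Python. This is not code from the original post, from the panel, or from any IBM Security product. The roles, users, resources, thresholds and the audit log lines are all constructed for illustration: the baseline is learned from the first two days of the log, the third day is scored against it, and findings are mapped to a simple tiered automated response.

```python
# Added example (not from the original post or IBM Security): least-privilege
# enforcement plus per-user behavioral anomaly detection over constructed logs.
from dataclasses import dataclass
from datetime import datetime

# Prong 1, least privilege: explicit per-role allow-lists; anything else is denied.
# Roles, users and resource names are constructed for this example.
ROLE_ALLOW = {"dba": {"db-prod", "db-staging"}, "developer": {"git", "ci", "db-staging"}}
USER_ROLE = {"alice": "dba", "bob": "developer"}

# Constructed audit log: "<ISO timestamp> user=<u> resource=<r> action=<a> bytes=<n>"
SAMPLE_LOG = """\
2021-09-01T09:12:03 user=alice resource=db-prod action=read bytes=4096
2021-09-01T10:45:11 user=alice resource=db-prod action=read bytes=8192
2021-09-02T09:03:40 user=alice resource=db-staging action=read bytes=2048
2021-09-02T14:20:05 user=bob resource=git action=read bytes=512
2021-09-02T15:01:17 user=bob resource=ci action=read bytes=1024
2021-09-03T02:17:44 user=alice resource=db-prod action=export bytes=52428800
2021-09-03T11:30:00 user=bob resource=db-prod action=read bytes=4096
2021-09-03T11:31:00 user=alice resource=audit-log action=delete bytes=0
"""


@dataclass
class Event:
    ts: datetime
    user: str
    resource: str
    action: str
    nbytes: int


def parse_log(text):
    """Parse the key=value audit format above into Event records."""
    events = []
    for line in filter(str.strip, text.splitlines()):
        ts, *pairs = line.split()
        f = dict(p.split("=", 1) for p in pairs)
        events.append(Event(datetime.fromisoformat(ts), f["user"],
                            f["resource"], f["action"], int(f["bytes"])))
    return events


def policy_violations(events):
    """Prong 1: accesses outside the user's role allow-list (unknown user => deny all)."""
    return [(e.user, e.resource) for e in events
            if e.resource not in ROLE_ALLOW.get(USER_ROLE.get(e.user), set())]


def build_baseline(events, cutoff):
    """Per user: resources, actions, hours and peak volume seen before cutoff.
    A real deployment would learn over weeks, not the two days used here."""
    base = {}
    for e in (e for e in events if e.ts < cutoff):
        b = base.setdefault(e.user, {"resources": set(), "actions": set(),
                                     "hours": set(), "max_bytes": 0})
        b["resources"].add(e.resource)
        b["actions"].add(e.action)
        b["hours"].add(e.ts.hour)
        b["max_bytes"] = max(b["max_bytes"], e.nbytes)
    return base


def detect_anomalies(events, baseline, cutoff, hour_slack=2, volume_factor=10):
    """Prong 2: score post-cutoff events against the user's own baseline.
    Returns {user: [(timestamp, reason), ...]}."""
    findings = {}
    for e in (e for e in events if e.ts >= cutoff):
        b = baseline.get(e.user)
        if b is None:  # first-seen user: nothing it does has a baseline
            findings.setdefault(e.user, []).append((e.ts.isoformat(), "no baseline for user"))
            continue
        lo, hi = min(b["hours"]) - hour_slack, max(b["hours"]) + hour_slack
        reasons = []
        if e.resource not in b["resources"]:
            reasons.append(f"new resource {e.resource}")
        if e.action not in b["actions"]:
            reasons.append(f"new action {e.action}")
        if not lo <= e.ts.hour <= hi:
            reasons.append(f"unusual hour {e.ts.hour:02d}")
        if e.nbytes > volume_factor * b["max_bytes"]:
            reasons.append(f"volume spike {e.nbytes} bytes")
        for r in reasons:
            findings.setdefault(e.user, []).append((e.ts.isoformat(), r))
    return findings


def respond(findings):
    """Automated response tier per flagged user (thresholds are illustrative)."""
    return {u: "revoke-session-and-alert" if len(h) >= 3 else "step-up-auth"
            for u, h in findings.items()}


def analyse(log_text=SAMPLE_LOG, cutoff=datetime(2021, 9, 3)):
    events = parse_log(log_text)
    findings = detect_anomalies(events, build_baseline(events, cutoff), cutoff)
    return policy_violations(events), findings, respond(findings)


if __name__ == "__main__":
    violations, findings, actions = analyse()
    print("policy violations:", violations)
    for user, hits in findings.items():
        print(user, "->", actions[user])
        for ts, reason in hits:
            print("   ", ts, reason)
```

On the sample log, alice's 2 a.m. bulk export and her deletion of the audit log are flagged on several counts (new action, unusual hour, volume spike, new resource), so she is placed in the revoke tier, while bob's single out-of-role read of db-prod is both a policy violation and a baseline anomaly and gets step-up authentication. The point is the correlation: each signal alone is weak, but the user-centric view stacks them. In production the baseline window would be weeks rather than days, thresholds would be tuned per role, and the findings would feed a SIEM or UEBA platform rather than a print loop.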
As the scope and scale of insider threats increase, static protection policies become less effective over time. To modernize security and help address insider threats, many organizations, globally and in India, are turning to the zero-trust approach.
The panel, too, was unanimous in their viewpoint that Zero Trust is the way forward to address rising insider threats.