This article is an excerpt from GovLoop’s recent report, “Insider Threats: Mitigating the Risks at Your Agency.” Download the full report here.
Agencies are growing more concerned about being exposed to insider threats as more devices connect to their networks. That is because many agencies lack visibility into their entire enterprise and understanding of the data it generates.
All insider threats have access to an agency’s internal data, IT infrastructures and security practices. There are a broad variety of insider threats, all of which can lead to corporate espionage, intellectual property theft and undermining national security.
Protecting against insider threats is critical for agency security, but is especially challenging for workforces that have to balance cloud and legacy infrastructure. Agencies need to find a solution that collects and clarifies their vast amounts of information and creates actionable insights.
The solution? A layered approach to security.
The Solution – Layered Security
Agencies should adopt a layered security approach that combines access, identity and security event management to detect and disrupt insider threats before damage is done.
This approach starts with multifactor authentication (MFA). MFA requires users to present two or more pieces of evidence about their identity before they can access sensitive data.
“Passwords are easy to steal historically and introduce a lot of risk,” Kevin Hansen, Chief Technologist of Micro Focus said. “MFA relies on something that the user physically has and something they know. It increases the assurance of who that user actually is on your network.”
Once you’ve identified who is on your network, the next step is managing user access privileges. By determining which users can access which data, agencies ensure that no one has unnecessary access. They also establish normal user behavior patterns, making potential threats more visible.
“Agencies are having a hard time making sense of all the information that they’re collecting. They need to be able to identify what relationships exist between users, their roles and what groups they belong to.”
– Kevin Hansen, Chief Technologist, Micro Focus Government Solutions
“As a person evolves over time and changes roles, their permissions need to change as well,” Hansen said. “They may come in as a system administrator and become management down the road, and they no longer need those elevated permissions on those systems. That’s forgotten too often, and de-provisioning those permissions doesn’t happen.”
Alongside access privileges, agencies will also need to better manage their users’ behavior and identifying characteristics. This gives organizations the insights they need to understand who its users are, how they typically act and what they need to access.
To get even greater benefits from layered security, agencies can add machine learning and predictive analytics. These technologies boost the speed at which data can be analyzed for patterns and potential dangers. Predictive analytics examines current and past information to predict future outcomes, while machine learning involves computers “learning” from data to improve their performance on tasks without explicit programming.
Delivering these tools via automated methods helps agencies reduce the strain on their employees and better allocate their resources. It also frees up time for workforce training on how to avoid unintentionally becoming an insider threat.
“You want quick integration that increases your time to value on mitigating insider threats,” Hansen said. “If that integration’s going to be cumbersome, you should absolutely evaluate that.”
Download the full report now to learn best practices on how your agency can use layered security.
I like the idea of a layered security approach. Cybersecurity is such a complex challenge, with threats coming from everywhere, that it makes sense that no one tool is going to solve the problem, but instead you need to leverage multiple tools to provide a strong defense against cyberattacks.