By Isaac Kohen
Over the past couple years, we’ve witnessed countless attacks that have leaked our corporate and personal data. The data breach incidents are well-known: Yahoo, Target, Anthem, Uber, and Equifax. In response, we see outrage, increased scrutiny of breached organizations, new legislation, and new regulations such as the European Union’s General Data Protection Regulation (GDPR).
Behind many of these data breaches is an insider, whether negligent or malicious. Company insiders - employees, vendors, partners - pose a threat to employee and customer data, intellectual property, and corporate infrastructure.
Among 874 breach incidents reported by companies to the Ponemon Institute, 568 were caused by employee or contractor negligence and 191 by malicious employees and criminals. In addition, a 2017 survey of over 1,000 workers found that:
- 99% of the professionals surveyed admitted to conducting at least one potentially dangerous action, from sharing and storing login credentials to sending work documents to personal email accounts.
- 34% of those surveyed store work documents using sync-and-share services, allowing them to access the documents from personal accounts even after leaving an organization.
Corporations Are Data Goldmines
Corporations store a long list of valuable data types:
- intellectual property
- business planning documents
- pre-IPO information
- sales projections, and more
Customer data is a key corporate asset, including both personally identifiable and protected health information, as well as customer credit card and bank information. Less obvious is the fact that organizations hold the same personal data on their employees.
The Cost of Lost Data
For organizations, data breaches result in ‘soft’ costs, such as brand and reputation damage, and ‘hard’ costs, such as recovery and settlement, as well as those costs associated with providing free services in response to a breach. The 2017 Ponemon Institute Cost of Data Breach Study found that the average total cost of a data breach was over $3 million.
For employees or customers whose data has been leaked, the results are loss of privacy, identity theft, and immediate or future monetary loss.
The need for personal data protection and privacy, in particular, are key concerns today for both individuals and governing bodies. The coming GDPR includes language that gives individuals the right to request deletion of their personal data from anywhere in the EU when there is no compelling reason for its processing.
We Need More than People to Solve the Problem
The battle against data breaches has taken center stage for most corporate security teams. No corporate leader wants to be in front of a government committee testifying about a flawed data protection plan. But we can’t simply throw more people into this battle because:
- There aren’t enough trained cybersecurity professionals to go around now.
- Attempting to solve the problem through ever-increasing hiring is not scalable.
- We should be letting the computers do the grunt work of listening for and properly categorizing threats, while the professionals attend to security awareness efforts, advanced threat hunting, and response planning and execution.
How Automation Can Protect Data
Given that a large percentage of data breaches occur at the hands of insiders - negligent or malicious employees, vendors, or partners - it makes sense to invest in ways to thwart insider-caused breaches.
Traditional methods of addressing the insider threat have focused on locking down data, instituting security protocols that impact users doing their jobs, or spending money on clean-up efforts. Here again, these are largely human efforts.
User activity monitoring software automates the process of listening to and alerting on abnormal insider behavior like large file downloads, emails to personal accounts, and logins during off-work hours.
Software can leverage machine learning algorithms to analyze company-wide employee behavior and build typical employee profiles across departments and users groups. Based on these user behavior analytics, the software delivers intelligent automated security alerts when high-risk activity occurs. Automation is in the response as well, with high-risk activity proactively blocked without human intervention.
A quick response to thwart an insider breach delivers real value. The discovery timeline for insider breaches is typically measured in months and years, but user activity monitoring software can help drastically reduce this timeline and the cost.
Research has found that if the mean time to identify (MTTI) a breach was under 100 days, the estimated average total cost of data breach was $2.80 million. If it was over 100 days, the estimated cost was $3.83 million.
Data protection is now a critical concern for corporations and individuals, one that is driving institutional investment and shaping the decisions that consumers make about who to do business with. Data protection that rests solely on humans can’t address today’s challenge. A plan for data security must have automation at its core.
About Isaac Kohen
Isaac Kohen is the founder and CEO of Teramind, an employee monitoring and insider threat prevention platform that detects, records, and prevents malicious user behavior, in addition to helping teams to drive productivity and efficiency.