South African organisations are increasingly looking to protect themselves against the insider threat, says John Mc Loughlin, MD of J2 Software. This is as the result of more stringent compliance and regulatory requirements, as well as the higher profile of insider breaches.
“SystemSkan’s unique technology has become renowned worldwide for its ability to identify insider threats immediately with total end-user visibility so the gaps in security can be closed as they occur. It is always better to stop the threat than to read about the data leak in the news, and we have seen substantially increased demand from local companies for the solution,” he says.
According to Mc Loughlin, SystemSkan has highlighted security holes and issues within every company where the solution was installed. In each case, the businesses were unaware of these risks.
“When working with customers on their internal risk assessments, we have seen many issues which they were completely unaware of. We discovered these problem areas because of the visibility provided by SystemSkan to actual end user behaviour. In most cases the users are totally unaware that their behaviour is a problem, and often they have opened the business to risk by bypassing security measures to make things easier for themselves.”
He adds that while in many instances these risks were the result of “privileged super users”, who have greater access to company data and the authority to make changes to the company’s systems, average users were also responsible for vulnerabilities. “Time and again, we see that the vast majority employees have no ill intent, but their behaviour exposes the company to data leaks and creates holes through which cyber criminals can access the network.”
For example, pirated music, movies and software are found on every single company network, and almost all businesses use unprotected, public file sharing services. These create vulnerabilities ranging from imported malware to data breaches. “Even with written policies, users are still found downloading and sharing illegal movies, music and TV shows in 100% of the organisations we have worked with. 86% had users accessing and downloading illicit material, pornography and similar website activity,” Mc Loughlin says.
In addition, 98% of organisations were identified as having inconsistent anti-virus coverage. “Almost all the organisations we worked with had machines where critical perimeter security measures were not rolled out to all machines. This is even though these organisations had spent vast amounts of money on systems to have these rolled out across the enterprise. There is an apparent gap in most entities that can quickly be fixed with SystemSkan to bring them back to the correct compliance levels.”
SystemSkan also highlighted major leaks and data breaches that were the result of public file sharing services such as Dropbox and Box.com. Mc Loughlin says that in addition to sensitive company data being placed in the public domain as a result, several organisations had users putting financial and personally identifiable data in unprotected and open public sharing services.
“Every company out there has attempted to reduce unauthorised or malicious access to the network, often through a company-wide lock down on resources. However, security systems offer too little contextual information when a breach occurs, or they produce too many false positives. SystemSkan’s successes around the world are testament to the fact that the key to mitigating the insider threat is to be able to deter¬mine the context and the intent of an individual. Apart from having policies and processes in place, a system which consistently monitors user behaviour is an essential foundation to any security solution,” Mc Loughlin concludes.