London (UK): As global attention swirls around protecting corporate and government networks and sensitive digital files from external attacks, the more common and dangerous threats remain from within the organisation. The September issue of Harvard Business Review highlights “The Danger From Within,” reinforcing a realisation that is driving the adoption of solutions from Varonis Systems, Inc. (NASDAQ: VRNS), the leading provider of software solutions for unstructured, human-generated enterprise data.
“Insiders can do much more serious harm than external hackers can, because they have much easier access to systems and a much greater window of opportunity,” wrote Oxford University professors David M. Upton and Sadie Creese, who are co-leading the Corporate Insider Threat Detection research program, an international project to help organizations uncover and neutralize such threats.
The Harvard Business Review report continued: “According to various estimates, at least 80 million insider attacks occur in the United States each year. But the number may be much higher, because they often go unreported. Clearly, their impact now totals in the tens of billions of dollars a year. Many organisations admit that they still don’t have adequate safeguards to detect or prevent attacks involving insiders. One reason is that they are still in denial about the magnitude of the threat.”
In a 2013 survey of more than 120 companies, Varonis found that most leakage of intellectual property caused by internal access was not malicious or even intentional. Among the causes: employees who upload sensitive, work-related data to their personal cloud accounts; low awareness of non-disclosure agreements; lack of training and ongoing communications about protecting sensitive data; and the absence of available tools that enable organizations to manage and control who has access and who should have access to sensitive, non-public data files. The survey found that only 46% of respondents were asked to return digital content when leaving their last position.
Among the researchers’ recommendations is monitoring employees’ access and use of data. In describing the study, Professor Upton reported, “We have burglar alarms installed to prevent people breaking into our houses. But it’s the people we let through the door that are the problem. It’s the same for organisations. The principles used to defend against external threats just don’t work with insiders. In recent years businesses have been letting more people into their houses – be it through the use of cloud services, Google drives, employees bringing their own devices to work, or through the proliferation of social media and use of big data. Though these people may have a legitimate access to an organization’s cyber-assets, the scope for them to exploit this or be exploited is hugely increased.” Further information about the research can be found here: http://www.cs.ox.ac.uk/projects/CITD/
David Gibson, Varonis VP, said, “The work being done at Oxford by Professors Upton and Creese has great importance because internal threats continue to be underestimated and often misunderstood. The explosive growth of unstructured data – from emails and spreadsheets to presentations, documents and other files created by employees – has amplified the problems inherent in uncontrolled internal access. Through our patented Varonis Metadata technology, we have been helping organisations get a handle on fundamental imperatives such as understanding who owns which files, who has access and who actually does access the data, who should and shouldn’t have access, who abuses their access, and which files are sensitive and exposed to risk.”