Halfway through the year, 2018 has seen an increase in insider threats that continue to highlight how easily privileged access is abused for a variety of nefarious activities. Tesla, the electric car manufacturer, was hit by an insider who used their access to sabotage systems and give away trade secrets. A Punjab National Bank employee gained access to sensitive passwords to the SWIFT interbank transaction system. And in a further abuse of users’ privacy and trust, a member of Facebook’s security team leveraged their access to spy on users’ private data and stalk women.
We often do not like to differentiate between “insider threats” that originate from outside an organization (for example, ransomware that, once on a victim’s machine, leverages the victim’s access to data on the network to encrypt files) and an actual employee inside the organization, because the outcomes, while different, exhibit similar behavioral patterns. Identifying these behavioral patterns is key to stopping insider threats; to do so, however, we have to monitor user and data activity. The latter continues to be a shortcoming for many organizations.
As we continue to monitor growing trends in data security, we are reminded that all the well-formed regulations and fancy machine learning in the world won’t help if we aren’t monitoring privileged access and the activity of data.
Gabriel Gumbs is the VP of Product Strategy at STEALTHbits Technologies, responsible for end-to-end product vision and innovation. With a 16-year tenure in cybersecurity, he has spent most of that time as a security practitioner, aligning security innovations with business objectives for Fortune 100 organizations. Gabriel is an information security thought leader, privacy advocate and public speaker.