The Problem: Everyone faces the risk of insider threats. Even the Air Force. A couple months ago, police investigated the home of Izaak Vincent Kemp for a marijuana growing operation but ended up finding over 1000 pages of highly classified Air Force documents. The FBI was eventually pulled into the investigation and found that he would have had to make a very clear effort to remove these files from their original location. Kemp later admitted that he simply printed them out at work. The FBI determined that it must have been premeditated because of the steps one must take to avoid security protocols. Even though there are many layers of security protecting data, it does no good when the person stealing it knows them all. Insider threats are one of the most difficult problems to solve when it comes to data protection.
Your company probably has some security in place to deter data theft. It probably includes some sort of threat detection and monitoring. However, many of these solutions don’t actually protect your data. It is easy to realize when the data is being stolen, then stop the bleeding. But the damage is already done. By the time your security solutions figured it out, the culprit would have already stolen thousands of files that you can’t get back. Insider threats are very difficult to stop entirely, as a motivated individual will probably get what they want. However, there are now solutions that can protect your data from attacks and keep your rogue employees in the dark.
What can be done?
At SecureCircle we’ve developed a solution that encrypts your data and keeps users without the right permissions from accessing it. This will stop the threat of a lower employee stealing your highly sensitive data. This type of threat is relatively easy to block. However, if an employee with permissions to read the data wants to steal it and send it to a 3rd party, while the employee can read the file, the third party will not be able to. This is usually the case with insider threats. Financial motivation for data theft is very high in today’s data driven world. The only threat that becomes hard to stop is one where the employee acts alone. Even in this case, we send detailed logs of every action to Splunk or another SIEM to keep your business in the loop of what’s going on. Custom reports can be set up to monitor which employees open which files and consequently you can define “suspicious” behavior in order to lock out employees or simply alert you to what’s going on.