To find out more about the risks of insider threats, check our new GovLoop Academy course, A Layered Approach to Insider Threat Prevention. This blog post is an excerpt from the course.
Insider threats are dangers that originate within an organization, and they’re one of the biggest hazards that agencies face. They can come in all different forms, and their proximity to sensitive data can grant them much easier access to classified information compared to external hackers.
A layered security approach is one of the best ways to protect agencies from insider threats across systems. It tracks users’ identities, access privileges and network activity.
For example, layered security starts with multifactor authentication (MFA) to verify users, tracks network users as they change roles, and can allow for the simple deprovisioning of permissions.
Below are the steps and solutions for applying a layered security approach.
First, agencies need to reduce access to sensitive data for administrators and other privileged users. While network administrators might receive blanket access to all systems, an indiscriminate security procedure poses risks to everybody. Reducing an organization’s number of privileged users means there’s less chance of accidents or malevolent use of highly sensitive data or systems.
In addition to scrutinizing administrator access privileges, audit the permissions of all agency staff, as well as common systems. Not every application requires universal access, and people who leave one project or office could be insider threats even after their departure.
As-needed data access can limit these potential pitfalls with real-time monitoring and control of who is on the networks.
Finally, agencies need the right tools to apply layered security and stop insider threats. Legacy tools often don’t have these abilities or have too many gaps for them to be effective deterrents of insider threats. New tools can make insider threat prevention easier, by offering emerging technologies such as artificial intelligence and predictive analytics.
The benefits of an integrated platform are about reducing the risk and exposure time of security events, and thus, realizing the value of the layered security approach much more quickly. So, the challenge is finding faster, easier ways to make sense of the flood of incoming data. The answer lies in security analytics that distills billions of events into a prioritized list of threat leads to maximize productivity of highly sought-after cybersecurity staff, according to Kevin Hansen, Chief Technologist of Micro Focus Government Solutions.
Micro Focus’ security platform uniquely combines asset management, identity and access governance, privileged account management, data governance, security analytics, and security event management. By combining these capabilities into a single platform, government security teams gain a greater visibility and context into what is happening on their network much faster, reducing risk and exposure.
– Kevin Hansen, Chief Technologist of Micro Focus Government Solutions.
Enterprises need expanded cybersecurity threat detection while working within the confines of a fragmented landscape of security tools and scarce skilled personnel. This not only helps agencies realize security compliance quickly, but more importantly, helps them identify activity that poses a threat. From there, they can use governing controls to automate mitigation of those threats, minimizing the associated risks and exposure time more quickly.
To learn more about insider threats and how a layered security approach can help, check our new GovLoop Academy course, A Layered Approach to Insider Threat Prevention.