
A threat looming ever larger in the minds of IT leaders
is the risk of data loss through inappropriate behaviour or misuse
by someone who is authorised to access the network and its
information, writes Geoff Sweeney, CTO of Tier-3.
Consider a situation where an individual has been granted access
to the network, applications and databases so they can perform
their normal business activity, but whose behaviour becomes
mischievous after authorisation. Perhaps they are downloading
entire customer databases to their laptop or looking to e-mail
sensitive data to an address outside the company, or copy it to a
removable medium such as a USB stick. They are abusing the access
rights they have been granted and need to be stopped to protect
against the loss of valuable information assets.
Lars Davies, a compliance specialist at Kalypton, says, "If an
authorised individual has inappropriately accessed or copied
company information, then potentially an unauthorised access under
the Computer Misuse Act has occurred; it could also be a breach of
copyright law.
"If any personal data is involved, it could also constitute a
breach of the Data Protection Act.
"This is not just a breach of trust. More immediate for the
company is the loss of valuable information and the remediation
costs. It may also stand accused of having failed to put sufficient
safeguards in place to prevent a breach, and the directors could be
implicated for failure in their fiduciary duties to protect company
stakeholders from loss."
No rules for behaviour
The thief may be a disgruntled employee, a contractor attempting
to steal some of the company's intellectual property or even a
trusted senior executive: there are no rules for predicting human
behaviour. Inappropriate action of this type by anyone who has the
authority to access sensitive company information can and does
still occur.
What is required is the means by which suspicious or unusual
access or movement of sensitive data, irrespective of the
initiator, can be detected and assessed for legitimacy.
Behavioural anomaly detection uses intelligent real-time analysis
to inspect and
alert security managers to inappropriate user or system behaviour
as soon as it deviates from the norm. Inappropriate data access can
be spotted immediately without the need for complex access and
asset prioritisation rules with all their management overheads. The
intelligent technology simply blocks unusual system or user
activity and flags it to security and risk managers for their
response.
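
The per-user baseline idea described above, as an added example that is not from the article or from Tier-3's product: each authorised user is scored against their own history, so no per-asset rules are needed. The event fields, the median/MAD scoring and the threshold are assumptions, the log data is constructed, and the code only flags events rather than blocking them.

```python
import statistics
from collections import defaultdict

# Constructed access history: (user, rows_read, destination). Not real data.
HISTORY = [
    ("alice", 120, "crm-app"), ("alice", 95, "crm-app"), ("alice", 140, "crm-app"),
    ("alice", 110, "crm-app"), ("alice", 130, "crm-app"),
    ("bob", 52000, "reporting"), ("bob", 48000, "reporting"),
    ("bob", 50500, "reporting"), ("bob", 49000, "reporting"),
    ("bob", 51000, "reporting"),
]

def build_baselines(history):
    """Per-user norm: median and MAD of rows read, plus destinations seen."""
    rows, dests = defaultdict(list), defaultdict(set)
    for user, n, dest in history:
        rows[user].append(n)
        dests[user].add(dest)
    baselines = {}
    for user, values in rows.items():
        med = statistics.median(values)
        mad = statistics.median(abs(v - med) for v in values)
        baselines[user] = (med, mad, dests[user])
    return baselines

def assess(event, baselines, threshold=6.0):
    """Return the reasons an event deviates from that user's own norm."""
    user, n, dest = event
    if user not in baselines:
        return ["no baseline for user"]
    med, mad, seen = baselines[user]
    reasons = []
    # 1.4826 * MAD approximates a standard deviation; the floor stops a
    # perfectly regular user from producing a zero spread.
    spread = max(1.4826 * mad, 0.05 * med, 1.0)
    score = (n - med) / spread
    if score > threshold:
        reasons.append(f"volume {n} is {score:.1f} deviations above median {med}")
    if dest not in seen:
        reasons.append(f"new destination {dest!r}")
    return reasons

if __name__ == "__main__":
    b = build_baselines(HISTORY)
    # The same order of volume is routine for bob and anomalous for alice.
    for ev in [("alice", 48000, "usb"), ("bob", 51500, "reporting")]:
        print(ev, "->", assess(ev, b) or "within norm")
```
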
Data breaches from unauthorised access and improper use are a
growing problem, but they can be detected and prevented with
appropriate security strategies and technology before they result
in loss.
Behavioural anomaly detection technology identifies when a
legitimate user's behaviour is non-compliant, blocks it and
systematically stores a copy of all access logs in a forensic
repository as evidence.
The smart technology can automatically detect and protect
valuable company information assets from misuse or theft as it
occurs, rather than respond after the horse (and its valuable
information) has bolted.
Geoff Sweeney is co-founder and chief technology officer of
Tier-3 and will be speaking in the technical seminar programme at
Infosecurity Europe on "WWIII has started: Shape-shifting heuristic
threats".