
Risk in a Digital World - Dealing with Insider Threat

Srividya Kannan, Founder & Director, Avaali Solutions
Sunday, October 16, 2016
Headquartered in Bengaluru, the entity specializes in providing enterprise solutions for content and business driven collaboration projects.

Digital Transformation is a Board mandate for several enterprises. Digital is reshaping markets, dissolving industry barriers and enabling unprecedented information flow that brings down the cycle time to business. While a lot has been written about the immense opportunities with Digital, it is important to recognize the risks that come with it. Gartner states that close to 60 percent of digital businesses will suffer major service failures due to the inability of the IT security team to manage digital risk in new technology. Just this month, the U.S. Justice Department announced that it had indicted seven hackers associated with the Iranian government, marking the first time the United States has charged state-sponsored individuals with hacking to disrupt the networks of key U.S. industries. The hacking allegedly caused tens of millions of dollars in losses to affected institutions and businesses. The continuing legacy of targeted breaches (Sony, JP Morgan, AT&T, Vodafone, Home Depot etc.) shows that this problem has moved beyond just the IT function to functional heads, senior management and corporate boards as well. The ramifications of a default are many, right from legal and financial to a risk to brand and reputation.

Corporate cyber security efforts are often directed towards the threat of outsiders trying to hack into an enterprise network, but the biggest security threat could come from within an enterprise, in the form of its own employees or ecosystem, who could unwittingly expose data and the network to very great danger.

Insider Threats pose a great risk to enterprises because of the access that employees and contractors have to sensitive information. This includes accidental dissemination of data through negligence, as well as deliberate misuse via theft and so on. Protecting information and assets is a top objective of any enterprise. Enterprises spend a lot of time and effort to put in place the right protections across people and networks. This is not a one-time effort, but needs to be reinforced continually across the lifespan of the enterprise. At the same time, it can't be at the cost of inhibiting collaboration or lowering productivity by cutting information into pieces before it is accessed. Good corporate practices always include enterprises remaining vigilant and aware of the risks being faced. They also collaborate with peers in their industry to understand good practices and their applicability for adoption within their enterprise.

On an average day, employees are likely to log on to online services such as personal mail and Dropbox, send confidential files to the nearest printer or store data on USB drives. It is quite likely that some of them may accidentally send an email to the wrong email address and not realize it, or realize it only post facto. The first step in the risk mitigation process is acknowledging the issue and investing in a risk mitigation plan. The next step is to agree on an action plan in the unlikely event that such an issue is discovered despite all the protection measures deployed.

