Data Loss Prevention Challenge – No. 7 – Insider Threats

It’s amazing how often I speak with clients about their cybersecurity activities, and the focus is nearly always on preventing external threats. It’s almost as if preventing insider threats is low on their priority list, yet organisations are more likely to lose data to an insider than an external attacker.

Insider threats can be both malicious and accidental. In my blog on human errors, I discussed how humans are not infallible and will always make mistakes, such as sending emails with confidential data to the wrong recipients. We’ve all typed a name, had the system autocomplete the wrong email address, and hit send without noticing, only to realise sensitive data has been sent to the wrong person.

We can develop Data Loss Prevention (DLP) policies to help restrict the loss of sensitive data by notifying the sender that their email contains sensitive information and should be classified as confidential. We can also restrict certain staff from sending confidential emails with sensitive data, reducing the chance of accidental leaks.

Even if confidential emails are sent, they can be automatically encrypted. If you realise you’ve sent an email to the wrong person, you can revoke access before it’s opened.

Deliberate threats can come from any staff member, whether permanent or temporary, who has internal system access. Implementing access controls is crucial. These controls set permissions for folders and files, ensuring only those who need access can get it. This area has evolved, with many organisations adopting Role-Based Access Control (RBAC) to manage permissions more effectively.

Identifying sensitive data, classifying files, and implementing DLP policies also limit the movement of files both internally and externally. The challenge of implementing DLP policies and access controls should not be underestimated. Many organisations struggle with these projects because they require significant business involvement, and IT alone cannot answer all the questions. Project leads often need to bridge the gap between IT and the business.

Despite the effort and challenges, a well-implemented DLP and access control environment can enable both continued business operations and robust data security, meeting the needs of both the business and the security, risk, and compliance teams. What challenges have you experienced when running your DLP or access control projects?