Top Cybersecurity Lesson from 2016: Unchecked Insiders
(Page 2 of 2)
flagged so it can be detected and stopped before the damage mushrooms.
Richard Spires, the former CIO of the IRS and DHS, remarking on the OPM breach of millions of extremely sensitive and potentially compromising files, commented, “[I]f I had walked in there [OPM] as the CIO—and, you know, again, I’m speculating a bit, but—and I saw the kinds of lack of protections on very sensitive data, the first thing we would have been working on is how do we protect that data? OK? Not even talking about necessarily the systems. How is it we get better protections and then control access to that data better?”
Sony Pictures, Mossack Fonseca (the so-called Panama Papers), and the Democratic National Committee all lost files and e-mails that were not protected well enough from insider threats or outside attackers who compromised insider credentials. The fallout from those breaches inflicted lasting pain and reputation damage. With such crises as motivation, more companies should be strengthening their security postures. And yet, we continue to see these breaches in headlines with alarming frequency.
Even the NSA, whose breach via Edward Snowden became one of the most famous insider attacks, was again hacked. Some experts speculate that an agency insider may have downloaded the data and leaked it later online. Whether an insider account is abused by a malicious or careless employee or contractor, or compromised by an outsider through ransomware, phishing, or other attacks, insider accounts must not have access to more data than they require, and data usage must be tracked and analyzed so abuse can be detected. What will be the driving force for more organizations to focus on protecting their information assets?