By Sicco Boomsma, Director in ING’s Structured Finance TMT team
Organisations are implementing increasingly advanced cyber-security technology to protect their networks and data from outside threats. But preventing the theft of sensitive information from within systems and especially by employees adds an additional layer of complexity that must be addressed.
Human actions, whether unintentional mistakes or malicious insider activity, are a major threat to platform and information security across all organisations. No matter how robust the technology, any individual with access to an organisation’s systems and data, it is a potential vulnerability – an unwitting response to a phishing message, a mistakenly downloaded web document or an opened email attachment containing a virus are all significant weak points.
IBM Security Intelligence notes that 95% of all security incidents involve human error: “Many of these are successful security attacks from external attackers who prey on human weakness to lure insiders within organisations to unwittingly provide them with access to sensitive information.”
A large number of recent high-profile corporate IT security breaches can be traced to human error or intentional malicious actions. This has not only raised management awareness about the risks, but is also drawing the attention of regulators, who are drafting tighter rules on information protection, particularly in sectors managing highly sensitive personal data such as banking, insurance and healthcare, where breaches can have huge implications for both the individual and the company holding the data.
The trend is causing organisations to adopt more comprehensive strategies and increase their cyber-security budgets. The trade-off between increasing operational costs to protect your business versus the alleged reputational risk opportunity loss is increasingly falling in favor of investing in infrastructure protection as well as increasing automated protocols for the treatment of sensitive data. Consequently, growth in the market for platform and information security is forecast at a compound annual rate of 5.8% over the coming years, according to Gartner, creating a sector worth €8.1 billion globally by 2019.
Systems combining a variety of information and network security technologies, coupled with event management and threat intelligence, are being implemented more widely, enabling organisations to detect incidents and manage them on an internal and external basis. These products can also support cyber-assurance policies that require close monitoring of threats to provide adequate coverage in the event of breaches.
Among key technologies being deployed are Secure Email Gateways that provide inbound protection against malware and spam from emails, and also monitor, inspect and encrypt outbound email content. Similarly, Secure Web Gateways protect internet-connected devices from infection, filtering unwanted software and malware from internet traffic while enforcing compliance with corporate and regulatory data protection policies. Data Loss Prevention systems also play a key role in preventing information leakage by identifying and plugging weak points that could enable cyber-criminals to access, hi-jack or attack-and-destroy confidential data.
Should unusual activity occur, platforms that provide Security Information and Event Management (SIEM) are essential for organisations to identify and respond to threats and breaches, including detecting malicious activity or deviations in network access and usage. SIEM systems can collect data for real-time detection and provide analysis of security events, in turn enabling an instant and automated response to threats.
Perhaps most important is Threat Intelligence, based not only on security technology but human expertise. Threat Intelligence systems automate the process of identifying important attacks out of vast amounts of irrelevant data, tracking events as they occur with real-time analysis that monitors the behaviour of software, systems and the human factor to detect incidents that might be malicious.
Threat Intelligence allows organisations to draw on evidence-based knowledge, including the context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard. Because events are logged, Threat Intelligence platforms provide forensic data that can be used to determine patterns, predict possible attacks and attack vectors, and help to prevent future attacks.