RSA, RSA, RSA, it’s all about RSA Conference 2019 this week, for sure. To kick it off, Dtex hosted its annual Global Insider Threat Summit. This year’s program featured several customer panels that provided attendees with a deep education on how enterprise and government industry peers are handling the insider threat problem in their organizations.
Capping off the event was Admiral (Ret.) Mike Rogers, former NSA Director and Commander of US Cyber Command. In a fireside chat with Dtex Systems CTO and co-founder Mohan Koo, Rogers explained to the crowd how malicious insiders like Edward Snowden aren’t the only form of insider threat that security and risk professionals should be thinking about. He emphasized that security strategies also have to account for defending trusted workers against attacks and helping them to avoid making mistakes.
Dtex certainly isn’t the only organization refocusing attention on the insider threat. In addition to it consuming a decent proportion of the RSA conversations, several news media outlets and a major security vendor dedicated focus to it. Among them:
SC Magazine: Are employees the weakest (cybersecurity) link? Sometimes, by Karen Epper Hoffman. This lead article in the magazine’s look at the “people problem” in security features commentary from Dtex Customer Graeme Hackland, CIO at British Formula One team Williams Racing. Hackland proposes that employees don’t have to be the weakest link. Writes Hoffman:
“I meet every new [employee] and I always tell them, you are the first and last line of cyberdefense!” says Graeme Hackland, CIO at British Formula One team Williams Racing. Hackland shies away from referring to employees as an organization’s biggest threat, because he believes “that kind of thinking drives division between those responsible for IT risk and the rest of the organization.”
Later in the article, Hoffman again quoted Hackland for insights on how to address the people problem, with him stating that education, transparency and technology all need to be utilized. She wrote:
Hackland stresses that “transparency is critical in education,” and urges companies to “be open about what monitoring is in place and how it is used.” Williams adopted a “people-centric approach to IT risk. Trust, but verify, became our strategy” in 2014, he says, explaining that the company uses the Dtex Enterprise DMAP Intelligence platform to protect its Formula 1 confidential information.
RSA Conference Blog: Fast-Changing Security Landscape May Render This Year’s RSA Conference the “Most Human” Edition Ever, by Tony Kontzer. This blog is particularly telling of things to come. It points out a shift in security community thinking and how human risk is occupying a greater share of it. Tony wrote:
Workers in every role, from store clerks and maintenance staffs to truckers and dock workers, are interacting with complicated technology back ends, accessing and updating data, and quite often opening up more gaping holes for bad actors to exploit.
Which brings me back to my sense that this will be a historically “human” RSA Conference. Not that the role of humans in security is a new topic. Numerous RSA Conference sessions have been devoted to topics such as insider threats, social engineering, and user behavior modification over the years. But never before have these topics carried the weight that they do now.
Fast forward to today, and a more recent report from threat detection vendor Dtex Systems found that nearly two-thirds of all insider attacks are due to careless behavior or human error.
The question is: How has this been allowed to reach such epidemic proportions?
Verizon: If there is a seminal report in security, it may the Verizon DBIR. Since its inception, it has been all about how the company’s array of global sensors detects and identifies threats from every corner of the earth. This week, the company refocused on the role of the insider with the release of its Verizon Insider Threat Report. According to Verizon:
Twenty percent of cybersecurity incidents and 15 percent of the data breaches investigated within the Verizon 2018 DBIR originated from people within the organization , with financial gain (47.8 percent) and pure fun (23.4 percent) being the top motivators. These attacks, which exploit internal data and system access privileges, are often only found months or years after they take place, making their potential impact on a business significant.
You can learn more about the insider threat and how Dtex helps mitigate the problem by reading several of our papers:
Introduction to the Insider Threat: What It Is and Why It Matters
The Dtex Advanced Enterprise DMAP Intelligence Platform
Williams F1 Leverages Dtex Enterprise DMAP Intelligence to Manage Insider Threats and Secure IP