RESEARCH FROM SECURITY FIRM Imperva suggests that every company in a study is at risk from malicious insiders.
That's bleak news, particularly if you have responsibility for security at a firm, or if you are a particularly bad person who thinks that they have a knack for getting away with something.
We know that things are bad, but Imperva's 100 percent finding surprised us. It was based on a study of its customers. Presumably, they know who they are and are all looking at each other funnily these days. Leaky types, according to the firm, are suspects like Edward Snowden and Chelsea Manning.
"To understand how to identify the true warning signals that will help stop the insider data breaches at an early stage, we collected live production data from several customers of Imperva," said the Imperva insider threat report (PDF).
"The data contains full database and file server audit trail records, achieved by monitoring databases and file shares in the organisation. From looking at our data, we can only conclude that the current security layers are not good enough when it comes to detecting data breaches.
"While all of our customers had the 'right' security layers in place, they were not able to identify many types of compromising, negligent or malicious behaviour. What companies need are new technologies for detecting insider threats.
"These technologies don't only rely on propagating and accumulating incidents, but rather are focused on the attacker's goals (your data) and actions (attack vectors such as dumping credentials, network manipulations and data access patterns)."
These sorts of capers are not easy to spot, unfortunately, and Imperva said that in most instances data was stolen by people with privileges, as opposed to being hacked away, and that incidents ranged from the malicious to the mistaken. It reckons that firms will have difficulty dealing with the problem. It probably knows a thing or two about suitable solutions as well.
"Just finding anomalies in user behaviour will not solve the insider threat problem," said Amichai Shulman, co-founder and CTO at Imperva.
"Enterprises need to have granular visibility into which users are accessing data and, more importantly, the actual queries and data accessed by each user. This deep level of insight proved critical to separating actual incidents from anomalies."
Turns out the firm has just launched something called CounterBreach, which seems apposite. µ