Lookout explains cyber risks that arise in companies themselves
Cyberattacks by anonymous attackers from outside are far from the only danger that companies face. Far too often, the risk of a shortage of skilled workers, insider threats and home office scenarios is underestimated.
Hendrik Schless, Senior Manager of Security Solutions at Lookout , explains the different aspects and actors:
“Insider threats have always been a problem. With the rapid expansion of corporate infrastructure and increasing reliance on the cloud, the problem is only getting more complex. In the past, conventional data loss prevention (DLP) solutions were used at a defined security perimeter and monitored all incoming and outgoing data traffic. The difficulty is that these tools have no insight into how users interact with the data within that scope. So, if a user downloads a file locally or makes certain changes, the security team may not be alerted. Some companies have implemented file integrity Monitoring (FIM) solutions that monitor changes at the file level. But there were also ways to get around this.
While the cloud has allowed us to make tremendous progress in collaboration, scalability and data access from anywhere, it has also brought more risks. Insiders often have access to far more resources than they actually need for their work. Attackers have therefore recently focused on phishing employee access data in order to launch their attacks. Comprehensive access to the infrastructure also means that an angry, renegade employee can cause big problems for the company.
Modern DLP solutions are able to monitor data usage, regardless of where the data is located in the infrastructure and whether it is at rest or in motion. Combining with User and Entity Behavior Analytics (UEBA) as part of a larger Cloud Access Security Broker (CASB) solution is the best way to prevent insider threats from compromising data.
Remote work only makes it even more difficult for companies to keep track of how their users access, edit and manage corporate data. The forced use of unmanaged smartphones, tablets, laptops and PCs has caused many companies to lose control of their data. They were therefore unable to ensure that these devices are free of malware when handling sensitive data. Moreover, without the right tools, there was no way to ensure that the data was protected or handled properly once it arrived on the unmanaged device.
The use of a CASB solution that can monitor user access and data interaction from both managed and unmanaged devices is the key to ensuring data security in the era of remote work.
The Great Resignation puts even more pressure on the IT and security teams for two reasons. First, an employee who wants to quit could try to steal data – especially if he switches to a competitor. Lookout has observed this several times in various industries in 2021, and it is one of the most common use cases for insider threats. Secondly, these teams need to properly outsource employees remotely and block all their access. Also, you need to make sure that everything that was stored locally on the laptop was not transferred to a personal cloud account or computer.
In the field of security, there must be a healthy balance between the use of technology and the human aspect of the work. Some of the most successful security teams rely on tools to detect risks before they occur. However, just when an event triggers a rule, you turn on an employee who watches the situation to make sure that the right action is being taken. An example of this is protection against data loss. The tool intercepts a sensitive file that has been shared or modified, logs the action, and may even quarantine the file. A member of the security team can thereby assess the situation in order to ensure that no longer-term effects are to be feared.“