November 29, 2016 By Laurène Hummer

Each day, in every corporation, school, government organization and nonprofit, people are generating great value for the economy by creating, manipulating and interacting with precious information. In fact, much of the value in today’s economy is created and stored digitally, from intellectual property, trade secrets and customer lists to the actual dollars they generate. At the same time, cybercriminals are engineering complex breaches to access and steal that information.

Security Starts With People

In both scenarios, the story starts with people, which is why security must start there as well. To prevent cybercriminals from stealing the fruits of their labor, organizations must know who their people are and understand what they do.

The identities of your trusted users remain a major attack vector. In fact, 63 percent of confirmed data breaches involved weak or stolen passwords, per Verizon’s “2016 Data Breach Investigations Report.” In addition to proving that security starts with people, this troubling statistic tells us two things. First, it’s critical to know whether an impostor is leveraging stolen credentials. The best way to prevent a breach is to gauge the risk of an access request coming from an impostor and respond quickly by locking the account. Second, passwords are just not strong enough to assure the identities of users accessing sensitive information.

For example, let’s say a U.S.-based engineer usually accesses proprietary code from his or her work laptop in the office during normal workday hours. Now this same employee is trying to access that information from China in the middle of the night using an unrecognized tablet. This is likely an impostor leveraging stolen credentials, so it’s imperative that organizations recognize these types of requests. If, by chance, it really is the legitimate employee on a business trip, this employee must have the tools, such as biometric authentication, to prove his or her identity with a high degree of assurance.

Strong authentication is necessary to address both of these issues. Access policies that take the context of the request into consideration, coupled with a variety of user-friendly, strong authentication methods, can increase security without compromising productivity.
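The sketch below is an added example, not code from IBM or from the original article. It shows how a context-aware access policy could score the engineer scenario above and choose between allowing the request, demanding strong authentication, or locking the account. The signal names, weights, threshold and sample identifiers are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed weights and threshold for illustration; tune against real data.
WEIGHTS = {"new_country": 40, "new_device": 30, "off_hours": 15, "sensitive": 15}
STEP_UP_THRESHOLD = 30

@dataclass(frozen=True)
class Baseline:
    """What is normal for one user, learned from past successful logins."""
    countries: frozenset
    devices: frozenset
    work_hours: range  # hours of day in the user's home time zone

@dataclass(frozen=True)
class AccessRequest:
    user: str
    country: str
    device_id: str
    hour: int        # hour of day in the user's home time zone
    sensitive: bool  # True for resources such as proprietary code

def risk_signals(req: AccessRequest, base: Baseline) -> list:
    """Return the names of the context signals that raise the risk score."""
    signals = []
    if req.country not in base.countries:
        signals.append("new_country")
    if req.device_id not in base.devices:
        signals.append("new_device")
    if req.hour not in base.work_hours:
        signals.append("off_hours")
    if req.sensitive:
        signals.append("sensitive")
    return signals

def decide(req: AccessRequest, base: Baseline, step_up_ok: Optional[bool] = None) -> str:
    """step_up_ok: None = not attempted, True = strong auth passed, False = failed."""
    score = sum(WEIGHTS[s] for s in risk_signals(req, base))
    if score < STEP_UP_THRESHOLD:
        return "allow"
    if step_up_ok is None:
        return "step_up"  # challenge with a strong factor, e.g. biometrics
    return "allow" if step_up_ok else "lock_account"

# Constructed sample data mirroring the engineer scenario above.
ENGINEER = Baseline(frozenset({"US"}), frozenset({"laptop-001"}), range(8, 19))
ROUTINE = AccessRequest("engineer", "US", "laptop-001", 10, True)
UNUSUAL = AccessRequest("engineer", "CN", "tablet-unknown", 3, True)

if __name__ == "__main__":
    for name, req in (("routine", ROUTINE), ("unusual", UNUSUAL)):
        print(name, risk_signals(req, ENGINEER), decide(req, ENGINEER))
```

The routine request passes without friction, while the unusual one is only allowed after the strong-authentication challenge succeeds, which is how the policy raises security without blocking a legitimate traveler.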

Minimizing the Insider Threat

As painful as it is to admit, sometimes security threats come from within our own walls. In 2015, IBM X-Force found that 44.5 percent of attacks against corporations involved a malicious insider. Employees or third parties with privileged access to sensitive data carry the greatest risks. They have the potential to inflict maximum damage and can be hard to detect because they regularly manipulate sensitive information for their jobs.

To protect against insider threats, it is best to take a two-pronged approach. First, reduce exposure to harmful insider actions by putting the right security measures in place around sensitive data and ensuring access is granted only to those who truly need it. Identity governance, user life cycle management and the right access policies play a key role in minimizing risk.

For users who legitimately need access to sensitive information, organizations must be able to detect insider threats. Enterprises can greatly reduce the potential damage of an attack by anticipating the risk of malicious actions before they occur and responding promptly when breached.

Let’s say, for example, that a financial analyst generally accesses revenue data once or twice at the end of the quarter, but has gone in five times this week and it’s nowhere near the quarter’s end. HR data indicates this individual was denied a promotion. These risk factors isolate the employee’s behavior among millions of other transaction points for additional investigation.

Organizations can observe users’ behaviors while respecting their right to confidentiality, striking a balance between security and privacy. Available corporate data, when evaluated jointly with transactional patterns, can offer insights on the risks of malicious behaviors.

What’s Next?

IBM announced several product enhancements and a new service offering to help customers know their people and understand what they do. IBM Verify, a mobile multifactor authentication capability, assists organizations in knowing their users and protecting themselves with simple, strong authentication using mobile biometrics.

IBM also strengthened the capabilities of its governance and privileged identity management tools to reduce risk and protect your most sensitive data. These solutions use business activities and actionable dashboards to identify risky access and act upon it quickly and easily. Additionally, IBM announced a new insider threat protection offering to help customers address the security gaps insiders might exploit with an approach that provides clear, actionable intelligence.
