Top Tips to Strengthen Security and Protect Systems against Insider Misuse
IRVINE, CA, September 24, 2014—The recent 2014 Verizon Data Breach Investigations Report revealed a disturbing trend, which is the fact that users’ access rights have become a weak point in the security policies for the majority of organizations. The report proves this tendency by stating that 88% of security incidents were caused by insider misuse, also indicating that only 9% of data leaks were discovered due to continuous auditing of IT systems.
The issue of insider threats is aggravated with the fact that a breach can take from days to weeks to be discovered, and in some cases, years will pass until you find out that sensitive information has been compromised. At the same time, according to the 2014 InfoWorld Navigating IT Report, although 89% of IT professionals admit the necessity of investments in security, only 44% of large enterprises and 13% of small and medium businesses actually plan to invest and enforce their security policy in the near future.
Considering this trend, Netwrix Corporation, provider of change and configuration auditing software, explains why monitoring of access privileges on the regular basis and protecting systems against insider misuse is a must for organizations of all sizes.
To help companies avoid security incidents and their devastating consequences, Netwrix shares three of the top questions every company should be able answer positively to ensure the protection of sensitive data against insider threats:
- Do you monitor user accounts’ activity regularly? –This is critical for companies where the number of user accounts is changing constantly or where, as result of internal shifts, users’ permissions are regularly updated. The risks often hide in the active accounts of former employees and in accounts with redundant permissions. If you monitor changes across the entire IT infrastructure, you have complete visibility into who made a change, as well as when and where the changes were made; therefore, you can track any malicious activity.
- Do you know your data and who has access to it? – The accelerating volume of security incidents that have been caused by privilege misuse shows that companies are unaware not only of who has access to the data but also of places where this data is stored, uploaded, and shared. Monitoring your IT infrastructure and tracking changes made to sensitive data will help you to minimize security violations.
- Are your employees aware that their activity is being monitored? -This practice should definitely be a part of any company’s security policy. Publishing anonymous reports and sharing them among employees explains better than words that everybody is responsible for data security, and it forces employees to control their actions.
“Even with the understanding of the necessity to protect sensitive data, only few companies realize that IT infrastructure should be taken under control. Unfortunately, far less of them track changes and monitor users’ access rights,” said Michael Fimin, CEO and co-founder of Netwrix. “However, having your IT system audited on the regular basis allows you to keep an eye on any malicious change. Having complete visibility across the entire IT infrastructure not only facilitates investigation in case a security breach occurs, but it also ensures that your sensitive data is under permanent control.”
Meet Netwrix at SpiceWorld in Austin, TX on 22-24 September 2014 and find out more about tips that help strengthen the security of IT systems and protect sensitive data against insider threats.
About Netwrix Corporation
Netwrix Corporation, leading provider of change and configuration auditing solutions, delivers complete visibility into who did what, when, and where across the entire IT infrastructure. This streamlines compliance, strengthens security, and simplifies root cause analysis. Founded in 2006, Netwrix is ranked in the Top 100 US software companies in the Inc. 5000 and Deloitte Technology Fast 500. Netwrix software is used by 160,000 users worldwide. For more information, visit www.netwrix.com.