External security threats are a top concern for most businesses, but threats that come from within can blindside an organisation. Organisations need to tailor their policies, internal awareness regimes, and security tools to make sure they’re protected from the inside out, as well as the outside in.
Stephen Urquhart, general manager ANZ, Ixia, said, “Information is becoming a popular commodity for criminals around the globe, so companies have to do what they can to make sure that information stays safe. At the same time, our increasingly-connected world is opening up new ways for information to be lost, inadvertently shared, stolen, or appropriated by unauthorised agents. Companies need to protect this information from the inside.”
Ixia has identified three key components to designing an inside out security strategy to keep data safe:
1. Policy Organisations should build security architecture with multiple layers to protect the areas of the organisation where most of the internal information assets reside. It is best if data is encrypted and companies should also implement a tiered permissions identification system.
At the same time, businesses should implement an overall corporate security policy that all levels of management support. This helps to make sure everyone is on the same page with practical security measures, such as using stronger passwords and changing them regularly.
2. Awareness Companies should train employees to recognise cyber criminals’ tactics and understand how to avoid being tricked. Additionally, given that most ‘inside out’ data breaches are accidents, businesses need to teach employees how to manage sensitive information, stay up-to-date on threat intelligence reports, and be aware of the latest cyber-criminal exploits.
3. Tools Companies should implement a selection of tools that monitor streaming applications on the network to identify unusual behaviour or unknown network applications effectively. This can help prevent exploits from being discovered after it is too late to mitigate them.
Additionally, businesses should use testing solutions to make sure all programs are running as expected prior to deployment. This can ensure that data is kept where it is meant be kept, making it easier to protect.