Much has been made recently of the “insider threat” and how it can affect an organization’s data security. But which is really a bigger threat to your organization? A hacker or a disgruntled employee with access to the company’s confidential data?
The answer might surprise you. Although the intent of a hacker is generally more insidious (stealing your banking log-in, for example), the insider threat is actually more costly simply due to an employee’s access to company data.
A recent survey, the “2011 CyberSecurity Watch Survey,” found that, although there are more instances of cyber threats, their overall cost is less than that of an insider-caused data breach. The survey concluded that more attacks (58%) are caused by outsiders (those without authorized access to network systems and data) versus 21% of attacks caused by insiders (employees or contractors with authorized access); however, 33% view the insider attacks to be more costly.
Don’t let an unsecure flash drive cause business disruption, productivity loss, revenue loss, and fines.
Recent events in the news have demonstrated the ease with which portable devices can be used to steal confidential data.
Avoid your own personal Wikileaks by securing your USB flash drives. Kanguru’s secure flash drives and remote management capabilities provide excellent protection against data leaks.
The Kanguru Defender Elite coupled with Kanguru Remote Management Console (KRMC) gives CIOs and CISOs an unprecedented level of control over their flash drives. Data breaches can be prevented with features such as:
Remote Disable/Delete - Remotely disable or delete devices compromised by rogue employees to protect sensitive information and prevent data breaches.
Domain/IP Control - Restrict drive usage to approved domains & IP ranges and prevent unauthorized use in external networks.
Offline Restrictions - Control whether devices can be used offline. Prevent unauthorized use in external networks.
Auditing and Reporting - KRMC enforces a full audit trail with detailed graphical reporting and the ability to export both customizable audit logs and graphs for external analysis to ensure proper compliance.
Dark Reading summarizes the annual threat report from PandaLabs. Virus writers were hard at work in 2010 and many of them were focused on stealing banking and financial data.
Banker Trojans still dominate the ranking of new malware that appeared in 2010 (56 percent of all samples), followed by viruses and worms. A relative newcomer to the malware landscape, rogueware (fake antivirus software) now comprises 11.6 percent of all the malware gathered and has been given its own category.
There are many interesting details to note in this dubious line-up of data security breaches, including how many health care, government and education organizations are represented. Even more significant is how few business enterprises show up on the list. This may be a clear indication of what many in the data security industry realize and fear – that most businesses suffering a significant data security breach do not publicly acknowledge incidents as they occur.
We expect this to change as more and more data breach notification laws are enforced at the state level. The landmark Massachusetts law will take effect in March, 2010. Data encryption will become mandatory for portable devices that store customer or employee information.
GovInfoSecurity.com has a timeline of data breaches affecting US Financial Institutions in 2009. “Stolen or Missing Hardware” was cited in a number of the incidents, along with “Insider Theft”.
These data breaches could lead to penalties under a number of state laws. The FTC could also impose fines under the Gramm Leach Bliley Act (GLBA), which requires financial institutions to protect consumer data.
Version 2.2 of the Kanguru Remote Management Console (KRMC) has a new feature that will make provisioning secure flash drives easier than ever. Administrators can now import directly from an Active Directory database and program Kanguru flash drives in an automated fashion. The drives will then be hard-coded with Employee data that can be tracked and logged including Name, Email and Phone Number.
While built-in encryption goes a long way towards securing your USB thumbdrives, KRMC goes a step further by providing control and accountability even after the drives have been distributed to employees. The logging and auditing features are extremely useful for showing compliance with HIPAA, GLBA, and a wide range of state laws that are popping up across the country.
The full press release is available at the Kanguru News website.
HSBC has been fined over £3 million ($5 million) for data security procedures that fail to meet Financial Services Authority (FSA) requirements.
The FSA said that, in April 2007, HSBC Actuaries lost a floppy disk in the post that contained 1,917 pension numbers and addresses. And, in February 2008, HSBC Life lost an unencrypted disk holding data on 180,000 policy holders, also in the post.
Costly data breaches can be avoided by remotely managing portable data. Not only is the data encrypted, but the device can be programmed to remotely delete the next time it is plugged in. The company has a log file to show the date, time and location where the data was destroyed.
Last month the FTC cracked down on a mortgage company for violating the privacy rules in the Gramm Leach Bliley Act (GLBA). A lack of information security measures is going to cost the company 10 years of audits.
Agent Genius has a good rundown on how GLBA affects financial institutions like banks, insurance companies, brokers, lenders and so on. As the author notes, “financial institution” can be broadly interpreted.
Data encryption with the ability to log and audit should be a key part of any GLBA compliance plan. Regulators want to see clear proof that information security policies are in place and are being enforced.
Nate Cote, VP of Product Management, chats with BankInfoSecurity.com at RSA Conference 2009. Nate discusses how Kanguru’s encryption and management solutions fit into the broader security and compliance architecture.