1 WHITE PAPER An Inside Track on Insider Threats You can t take it with you. But many people do, that is, when it comes to corporate data. To stem the problem, companies have resorted to technology. But this is only part of the solution. Successfully mitigating insider threats requires security teams to play psychologist, implementing a broader effort that reminds employees of their moral obligations. This means involving the human resources and legal departments, as well as working with business units, to create an environment that reminds employees that data and intellectual property (IP) do, in fact, belong to the enterprise. Technology helps reinforce, audit, and validate good behavior. Insider Threat Defined A trusted person who has access to intellectual property or data, and who uses that information outside of acceptable business requirements. Misuse of information may be due to malicious intent, an accident, or compromise by outsiders. One of the key hurdles security teams face is altering employee perceptions about data and IP ownership. Startling attitudes about data were revealed in a 2010 street survey of 1,000 Londoners, from entry level to executive level. 70 percent of the people surveyed planned to take something with them when they left their current job: 27 percent plan to take intellectual property, and 17 percent plan to take customer data. Most telling: A majority of the employees surveyed felt that they own the data, and therefore felt justified in taking it. The same survey indicates that these attitudes are not being addressed by employers. 79 percent of the respondents stated that their organization either does not have data removal policies for employee departure, or they were unaware of such a policy. Furthermore, 85 percent of employees store corporate data on their home computers or personal mobile devices. These ordinary citizens represent a serious hazard to security: The insider threat.
2 The insider threat is not just a phenomenon of Western culture it s a problem for any society that has digitized its business processes and stores sensitive data or intellectual property. The exact same survey, conducted in Shanghai and Beijing, revealed that while only 36 percent now feel they own their data, 62 percent had taken data when they left a job in the past; 56 percent admitted to internal hacking, and 70 percent admitted to accessing information they should not have. These surveys indicate that the temptation to access or procure company property, including data, is cross-cultural and part of human nature. While hacking gets more attention from the media and many security professionals, insider threats can have a larger impact. Perhaps the very reason that the problem is so under managed by businesses and their security teams is that it is so pervasive and overwhelming, every employee is a potential threat. Existing research on insider threats reflects the industry s uncertainty in dealing with the problem. Many solid studies and surveys nicely describe and quantify the problem. Most recently, a Carnegie Mellon study recently found that Roughly half of all companies record an insider incident; about three-quarters do not report the event to law enforcement; and firms typically split over whether their insider attacks are more damaging than their external compromises. 1 Another study from FTI Consulting found that, on average, it takes financial service firms almost 32 months for victim organizations to detect fraud coming from insiders. 2 Today, however, it is difficult to find a set of current and common practices for mitigating the risk of insider threats. A New Approach: The Imperva Common Practices Study To provide a starting point for companies to address the insider threat head-on, Imperva conducted its own study to reveal effective practices in a variety of organizations. Our objective was to create a catalog of effective real-world practices to be used as a benchmark and a source of ideas for organizations embarking on this process. And yes, we are a vendor. However, our results do not emphasize products and technologies. Rather, our research highlights the importance of nontechnical aspects, such as the role of human resources and legal to greatly influence the moral dimension of an enterprise. Methodology Our study loosely followed the model used in the book Good to Great by Jim Collins. Collins started with a list of 1,435 companies, examined stock market performance over a several year period, and identified 11 that outperformed their peers. Collins team then studied the 11 in depth to identify the characteristics of great companies and their leaders. Doing the same in security is very difficult. Public information on breaches is hard to procure, making true benchmarking very difficult. However, Imperva started with a sample of 1,000 companies, and identified the top 40 that have successfully managed and prevented insider threats. We interviewed many firms, narrowing our pool based on: Strong need to internally protect data or intellectual property. A security team with more than four years of experience with insider threats. Low number of breach incidence resulting from an insider threats in the past two years. 1 can-do-damage.html 2 2
3 The companies that qualified for our study were diverse and global: Geographies represented included the USA, Australia, Europe, South America, and South Africa. Industries included banking, insurance, government organizations, agriculture, medical device retailers, computer equipment manufacturers, entertainment companies, and online platform developers. Revenues ranged from a few million to billions. Because we were looking for companies that are innovating and breaking new ground to protect against insider threats, our study was designed to catalog what is working, regardless of how common or uncommon a practice may be. We sought out the techniques that forward-thinking companies use now, and a majority of companies will use in the future. Therefore, the output of our study is a qualitative list of effective practices, rather than an exhaustive, quantitative, statistical approach. However, when we saw a practice recur in more than 50 percent of the firms we examined, we called it out. The practices we uncovered fit into four categories that parallel the process that our target companies followed in implementing their security strategies: Establishing Business Partnerships Prioritizing Initiatives Controlling Access Implementing Technology These practices are common best practices, but only best for the companies that use them. We don t anticipate that a one size fits all methodology will emerge from our findings. Our objective in creating this catalog is to let companies cherry pick the practices that are right for them. Insider Threat Defined With our interviewees, we agreed upon a common definition of insider threat : A trusted person with access to intellectual property or data who uses their privilege in excess of acceptable business requirements or practices. Misuse of information may be due to: Malicious intent An accident Or, being a compromised insider, usually via malware It is worth noting that many organizations focus on malicious and accidental breaches, and not on breaches caused when employees are the victims of outsider hacking, malware, and the like. Insiders who leave themselves open to being compromised are a growing source of the insider threat. 3
4 Part #1: Establishing Business Partnerships Typical businesses view InfoSec (Information Security) as a policy cop, paranoid custodian, and overall barrier to progress and innovation. A February 2012 Forrester report, Navigate the Future of the Security Organization, summarized the issue with great clarity: They see people in the IS profession as technologists, not equals. The No. 1 complaint from the board is that they are stuck dealing with very complex and technical people. Typical InfoSec teams are failing to demonstrate a return on security investment (ROSI), or even to outline how their day-to-day activities protect the intellectual property valued data assets, and even reputation of the business. As a result, business units even other parts of IT frequently bypass InfoSec until the end of a project, and then order them to make it secure. The atypical companies in our study find innovative ways to partner with their internal customers and earn their seat at the table. The practices in this section describe how these InfoSec teams have built partnerships throughout the organization. One interviewee explained: Information Security enables the business to grow, but grow securely. Practice #1: Build the Business Case We observed that companies with mature and effective programs to address insider threats approached it as a partnership effort, working directly with the R&D, finance, or whatever business unit had concerns around sensitive data. Specifically, they worked closely with the business unit(s) to understand and identify a tolerance for risk, and to continually develop a case for security that was appropriate to that risk. In other words, security would collaborate to develop an acceptable insurance plan needed to help mitigate against an insider threat. However, building the business case wasn t a document that said, we re at risk. Many enterprises already perform such exercises. A risk document was only a part of the process, a small part. Building the business case, for thought leaders, focused mostly on the process of building a case to make the business units better comprehend the risk. The companies in our group use several common approaches and activities to gain the attention of their non-security colleagues: Practice #1A: Make Security a Revenue not a Cost Center More and more, enterprises recognize that they operate in a world where connectivity is high. Not surprisingly, in 2012, data security was earmarked as the most important corporate priority by 48% board members of and 55% general counsels. 3 In our group, many firms successfully took advantage of this new reality by elevating their roles from technical security to business security. Traditionally, security is typically classified as a cost center due to its technical nature. However, outlier teams successfully positioned themselves as the guardians of data and intellectual property, helping assure normal business operations. Practice #1B: Make it Personal A key finding is that this approach makes it personal: InfoSec discussed the impact of a worst case insider breach to the team and the people in the unit, as well as to the larger organization. In this way, InfoSec became very familiar with the operations of the business and the concerns of each business unit and the people who ran it. Practice #1C: Use Anecdotes We noticed that InfoSec often used anecdotes to personalize the threat. For example, InfoSec at a medical device manufacturer told the story of how a leak of the company s intellectual property would lead to a shutdown of manufacturing. The story drove the point home, to raise awareness and help change behavior. 3 4
5 A few smart companies have stopped complaining about SOX and turned it to their advantage bringing operations under better control while driving down compliance costs. Harvard Business Review, 2006 Practice #1D: Leverage Compliance for Security We found that companies who were successful at addressing insider threats had a strategic attitude about compliance instead of a checklist attitude. They embraced it, and used as a driver to bolster their security initiatives and differentiate their businesses. Although compliance doesn t guarantee perfect security, it helps the odds dramatically. And buy-in on compliance from the top increases the success of compliance efforts, and therefore of security against insider threats. Practice #1E: Create a Network As InfoSec creates informal teams and relationships throughout the company, it becomes familiar with the roles and operations of the business in every business unit. As a result of their involvement, security initiatives and awareness pervade the organization. InfoSec becomes part of the corporate DNA. Business units willingly work with InfoSec to understand and mitigate their risks. Ideally, business units proactively seek out InfoSec before making decisions. Practice #1F: Heavy Use of Analytics Advanced organizations use security analytics. Analytics serve two main functions: With the growth of bring your own device (BYOD), tracking and managing devices has become impossible. However, analytics can help identify aberrant data and intellectual property access. Combat advanced threats coming from governments. Though not related directly to malicious insiders, for many enterprises, analytics helps provide the incite needed to identify advanced threats. Practice #2: Organize for Security We observed two organizational models that effective InfoSec teams follow. Initially, security teams followed a centralized organizational model. Roles within a centralized team can be diverse, and responsibilities can span the entire organization. For example, one person may be in charge of security in web apps, and another for sharing information with third parties. A unified team has its advantages and is often the most sensible approach in the smallest companies. On the con side, centralized teams tend to get less budget and visibility, and can even be viewed as detached. Over time, especially with larger organizations, especially with multiple geographies or lines of business, InfoSec staff tends to be embedded in the business units. The advantages of the decentralized model are higher involvement and visibility, and therefore a higher budget. The disadvantage is that roles between business units can easily become redundant, and InfoSec professionals on different teams can even come to crossed purposes. Regardless of organizational method, we noted two distinct practices: Practice #2A: An Integrated Security Organization Advanced organizations were marked by a broader integration with other security-related disciplines, especially fraud and privacy. This integration underlies the role of business security over technical security. Practice #2B: Adopting an Assurance Model Advanced organization put in place security policies, deploying a consistent cycle of inspection and verification. By contrast, many other firms today relied on a trust but don t always verify approach. Copyright 2014, Imperva All rights reserved. Imperva and SecureSphere are registered trademarks of Imperva. All other brand or product names are trademarks or registered trademarks of their respective holders. WP-FILE-NAME
6 While ethics lectures and training seem to have little to no effect on people, reminders of morality right at the point where people are making a decision appear to have an outsize effect on behavior. Dan Ariely, James B. Duke Professor of Behavior Economics at Duke University Practice #3: Work with Human Resources The power of HR to create a security-minded culture can t be overstated. Duke University Professor Dan Ariely conducted experiments on students doing a math exercise in which they report their own scores. Typically, a moderate number cheated on the exercise to collect a small prize. But when students were reminded of the Ten Commandments before the exercise, or asked to swear on a Bible, even among self-declared atheists, cheating dropped to nearly zero. 4 We observed a very tight integration between InfoSec and HR among companies that deter insider threats using a variation of Dr. Ariely s prescription. While it s common for HR and InfoSec to work together for employee onboarding and offboarding, these companies had built a richer relationship (in fact, on- and offboarding were typically automated). The real relationship centered around HR s ability to communicate InfoSec s requirements and expectations, and create an atmosphere that supports data security and respect for corporate digital assets. In these companies, HR was an effectively InfoSec spokesperson. The key practices used by our group: Practice #3A: Onboard with Security in Mind HR also supported InfoSec in its onboarding practices, beyond the typical background checks. InfoSec worked with HR to develop psychological testing methods to evaluate candidates, and many added additional testing and evaluation of executives. One company made a point to instruct new hires not to bring competitor data, demonstrating that the reverse would not be tolerated when they leave. Practice #3B: Elevate Violations to HR The companies we surveyed employed the clout and authority of HR to handle violations of security processes, making it clear to all employees that insider security infractions have disciplinary consequences. In one large insurance firm, HR has direct access to incident reports of security breaches, so that they have the entire dashboard for making disciplinary decisions. Practice #3C: Automate Termination Processes Most of the companies in our survey automated their termination processes to shut down access to data quickly and completely. Successful implementation of this automation is made possible when InfoSec and HR have a tight integration. Practice #4: Work with Legal Companies who participated in our survey also had a tight integration between InfoSec and the Legal department. Where security is concerned, Legal s role is similar to HR s: to use its clout and authority to create a business culture where the consequences of internal breaches are well known. While, for many firms, this means following the compliance checklist, we found advanced companies using Legal in innovative ways. Practice #4A: Approve Security Policies Legal works with InfoSec to develop and approve basic security polices for the company, including usage of , networks, and social media, care of laptops and other portable devices, and the monitoring of user behavior. To whatever extent these measures are appropriate in each company, the clout of the Legal department legitimizes employee policies. 4 Dan Ariely, Why We Lie, The Wall Street Journal, May 26, html 6
7 Practice #4B: Communicate Scary Legal Policies When employees know that their employers have strict legal policies and are ready to enforce them, behavior changes. The companies we studied clearly communicated their legal policies and involved Legal in enforcement to add a fear factor. For example, a banking company sent each departing employee a list of all company data they accessed in the last six months. Legal then used this list to send both the departing employee and their new employer an official warning letter, letting them know that the company was watching for signs of their data falling into a another company s hands. Although it is obviously important to pay attention to flagrant misbehaviors, it is probably even more important to discourage the small and more ubiquitous forms of dishonesty the misbehavior that affects all of us, as both perpetrators and victims. This is especially true given what we know about the contagious nature of cheating and the way that small transgressions can grease the psychological skids to larger ones. Dan Ariely, James B. Duke Professor of Behavior Economics at Duke University Practice #4C: Review Third-Party Contracts Our companies recognized that their partners could be a significant source of insider threats. By working closely with InfoSec, Legal was able to tighten up contracts. Partners then had an obligation to manage data access to the same standards as the partnering company. These agreements are particularly important in setting terms with consultants who will work on-site or have virtual access to data, or relationships in which sensitive data is shared between firms. Practice #5: Educate Every InfoSec team needs to be educated about insider threats, but for our group, the education extends to employees in a very concerted manner. Practice #5A: Educate Employees Constantly Our companies conducted regular employee training programs, ideally twice per year for every employee. In practice, bi-annual live training is difficult and expensive, but advanced companies get around the obstacles using , newsletters, flyers with tips included with pay slips, and poster campaigns in the breakrooms. In these communications, they also made it personal by using real-world, local examples. As a result, these companies created a barrage of information, which demonstrated that insider security was a constant and consistent priority. The HR departments of companies in our survey developed training and communications programs that consistently reminded employees of their responsibilities to protect the company s security. For example, one company s HR internal communications team would even publish articles in the newsletter about breaches that took place at other companies, to educate employees on how to avoid similar problems. Practice #5B: Educate Online We observed many companies using online security awareness training, typically deployed by HR or Legal. Even small companies are now using the online tools available, to educate employees on policies and best security practices, and to conduct tests on the information. From a legal standpoint, the online tools provide the company with an official record of what they knew and when they knew it, which eliminates the excuse, I didn t know that was a policy, in case of an infraction. Practice #5C: Teach Personal Cyber Security Individuals are concerned with privacy and data security in their homes and for their families, and one company in our study built upon that concern to educate its employees. They provided a personal cyber security class that followed the same principles as the company s internal security policies and worked in information about the corporate requirements. Employees were motivated to attend and put what they learned into practice, thus making both their homes and offices safer. In the bargain, the company built goodwill and trust by offering valuable information. Practice #5D: Educate InfoSec The InfoSec teams of secure companies are persistent about attending conferences and professional training. They actively stay ahead of the curve in their professional training. 7
8 Part 2: How to Prioritize the Initiatives Information security is a complex undertaking. The effective InfoSec teams we found, across the board, knew how to prioritize their security initiatives. Practice #6: Size the Challenge The companies we studied are good at sizing the challenge. They take a hard look at every possible threat and have innovative ways of collecting and prioritizing their requirements Practice #6A: Identify the Threats We observed companies making detailed inventories of the assets that are subject to a breach, and the possible ways they could be breached. One interviewee told us: We start by identifying what makes our company unique. That is, they focus first on the assets that are most likely to be targeted. Their inventories include all the threats identified in our definition of the insider threat : malicious intent, accidents, and victimization from outsiders. Practice #6B: Build an Insider Inventory Sizing the insider threat means sizing the population of insiders. This population includes not only regular employees, but also transient, remote, and mobile workers, and those affiliated with partners. Partner profiling is particularly important, and sometimes complex, because security standards vary from organization to organization, and partners tend to come and go. For example, the healthcare industry is a network of hospitals, doctors, pharmacies, and insurance companies that share sensitive customer data, and whose relationships change regularly. Every data transaction is a potential breach. For example, recently a spreadsheet of health information was accidentally posted on the Internet when one partner shared it with another. Practice #6C: Map the Threats The next step is to map the insider inventory against the possible threats. Some teams created a matrix on a spreadsheet of every known asset and every insider group that could commit a breach on that asset. The result is a comprehensive list of what-if scenarios that forms the basis of a prioritized plan. With this inventory in hand, the InfoSec team can account for audit and visibility requirements, to ensure that data is accessible to those who need it, and inaccessible to those who don t. Practice #6D: Classify Sensitive Information Identifying the information within the corporate databases and file servers allows understanding of risk and severity of data access. Practice #6E: Analyze and Audit Activity By keeping track over access and access patters, it becomes very easy to understand who accessed your data, what was accessed and why. 8
9 Practice #7: Start Small, Think Big. Once they identified all the possible scenarios, companies in our study used their matrix to prioritize. Practice #7A: Consider the Consequences One company in particular used this list to brainstorm, with the business units, the consequences of every possible breach. For example: Would it drop the stock price? Give an advantage to a competitor? Break a government regulation? Threaten a customer s privacy? The severity and likelihood of these consequences helped them set their priorities. Practice #7B: Don t Get Overwhelmed For an organization of any size, a list of every breach scenario could be an overwhelming amount of data. No InfoSec team can secure everything at once. The key is to start with the most basic priorities, to put a lock on the jewelry box instead of building a wall around the entire house. Successful teams realized that doing too much, too soon, would not only put unrealistic demands on themselves, but would be disruptive and confusing to the business units they serve. Instead, they started with small but significant victories, based on a prioritized plan. Practice #8: Automation Deciding what to automate goes hand in hand with prioritizing. Effective InfoSec teams used the prioritization process to drive automation, rather than resorting to any vendor technologies that may be available. These are the automated systems we observed consistently among the companies we studied: Online training: As explained above under Educate Online, online training tools maximize the reach of the security education program. System inventory: Automated tools were used to inventory assets in the discovery process. Fraud prevention Provisioning and de-provisioning privileges: These systems reveal who has access to what data and whether they log in, enable reviews of access privileges, and clean up dormant accounts. Onboarding and offboarding: These systems grant and remove privileges automatically; they are particularly useful when employees depart, giving HR immediate control to remove permissions. 9
10 Part 3: Controlling Access Access controls formed the backbone of an insider threat strategy on many levels. With the disintegration of the perimeter, less, sometimes zero faith was placed in filtering systems designed to identify and stop sensitive content from leaving the premises. With Prussian-like precision, security locked down data and other content with a set of access control systems. Practice #9A: Guard the Guards The first step: Lock down admins and super users. Administrators and other super users have often been the first to violate security by accessing things they shouldn t. Recently, we are seeing this replayed today with the growth of SharePoint, for example. The Register reported on a survey on SharePoint admins, finding that the most popular documents eyeballed were those containing the details of their fellow employees, 34 %, followed by salary 23% and 30% said other. Our firms typically implemented three practices: Sensitive transactions should require additional approval to prevent fraud Separate policy for privileged users Privileged user monitoring Practice #9B: Co-manage Access Rights with Lines of Business Firms in our group put in place a detailed permissions structure that is comprehensive and flexible. A key activity: permissions discovery, a simple but comprehensive inventory of who can see what. Over time, the notifications were put in place that recognized key events such as: Job changes Terminations Sensitive transactions should require additional approvals to prevent fraud Unusual access attempts Repeated attempts Security teams, unaware of day-to-day business events, put business owners in charge of verifying access rights. This also included setting timetables for reviewing access rights. Practice #9C: Focus on Identifying Aberrant Behavior At Black Hat USA 2012, Jonathan Grier described how studying statistical aberrations when it came to accessing files helped identify insider threats when it came to forensic analysis. 5 The same can apply as an insider theft occurs. Bradley Manning, the US Army private who accessed and provided sensitive Department of State documents to Wikileaks, accessed thousands of documents using a script that downloaded files from SharePoint at inhuman volumes. Weirdness usually means trouble. In our group, profiling normal, acceptable usage and access to sensitive items is a key part of mitigating insider threats. Typically, profiling would focus on, as one participant put it, cameras in the vault. The cameras looked for aberrations in: Volume Access speed Privilege level Checking the entry method Legitimate individuals should, typically, access data through a main door. 5 https://www.blackhat.com/html/bh-us-12/bh-us-12-archives.html#grier 10
11 Most firms we profiled recognized that nothing will stop the proliferation of mobile computing devices (also known as the consumerization of IT). But they recognized that it doesn t matter so much what device you use vs. how employees interact with the data. That s where identifying aberrant behavior is essential. Whether you re accessing thousands of records via ipad or PC makes little difference: it s still aberrant. Most participants emphasized that in the case of a lost or stolen device, remote wipe is very important. Part 4: Implementing Technology Firms in our group would pick technologies that were mapped to mitigating threats, but would constantly engage in a process of readjustment. This rebalancing of the technical portfolio would take place annually, with security assessing what was needed, what was working, and where future threats could come. The typical technologies deployed varied widely among our small sample size, making it difficult to identify specific trends. Since the technologies are basically the technical solutions to address the different practices, the question then boils to how to choose what s right for a particular enterprise. About Imperva Imperva, pioneering the third pillar of enterprise security, fills the gaps in endpoint and network security by directly protecting high-value applications and data assets in physical and virtual data centers. With an integrated security platform built specifically for modern threats, Imperva data center security provides the visibility and control needed to neutralize attack, theft, and fraud from inside and outside the organization, mitigate risk, and streamline compliance. Copyright 2014, Imperva All rights reserved. Imperva and SecureSphere are registered trademarks of Imperva. All other brand or product names are trademarks or registered trademarks of their respective holders. WP-INSIDER-THREATS
Securing SharePoint 101 Rob Rachwald Imperva Major SharePoint Deployment Types Internal Portal Uses include SharePoint as a file repository Only accessible by internal users Company Intranet External Portal
WHITE PAPER SharePoint Governance & Security: Where to Start 82% The percentage of organizations using SharePoint for sensitive content. AIIM 2012 By 2016, 20 percent of CIOs in regulated industries will
WHITE PAPER How to Secure Your SharePoint Deployment Some of the sites in your enterprise probably contain content that should not be available to all users [some] information should be accessible only
SharePoint Security Playbook 5 Lines of Defense You Need to Secure Your SharePoint Environment Contents IT S TIME TO THINK ABOUT SHAREPOINT SECURITY Challenge 1: Ensure access rights remain aligned with
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely
WHITE PAPER The Cloud App Visibility Blind Spot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Line-of-business leaders everywhere are bypassing IT departments
White Paper Today s highly regulated business environment is forcing corporations to comply with a multitude of different regulatory mandates, including data governance, data protection and industry regulations.
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent
FORENSIC Central and Eastern European Data Theft Survey 2012 kpmg.com/cee KPMG in Central and Eastern Europe Ever had the feeling that your competitors seem to be in the know about your strategic plans
Protecting What Matters Most Bartosz Kryński Senior Consultant, Clico Cyber attacks are bad and getting Leaked films and scripts Employee lawsuit Media field day There are two kinds of big companies in
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
SpectorSoft 2014 Insider Threat Survey An overview of the insider threat landscape and key strategies for mitigating the threat challenge Executive Summary SpectorSoft recently surveyed 355 IT professionals,
SECURE FILE SHARING AND COLLABORATION: THE PATH TO INCREASED PRODUCTIVITY AND REDUCED RISK Whitepaper 2 Secure File Sharing and Collaboration: The Path to Increased Productivity and Reduced Risk Executive
WHITE PAPER Cutting the Cost of Application Security Web application attacks can result in devastating data breaches and application downtime, costing companies millions of dollars in fines, brand damage,
2014 SIEM Efficiency Survey Report Hunting out IT changes with SIEM 74% OF USERS ADMITTED THAT DEPLOYING A SIEM SOLUTION DIDN T PREVENT SECURITY BREACHES FROM HAPPENING Contents Introduction 4 Survey Highlights
KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION
PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?
A Clear View of Challenges, Solutions and Business Benefits Introduction Cloud environments are widely adopted because of the powerful, flexible infrastructure and efficient use of resources they provide
Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz firstname.lastname@example.org IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent
Cisco SAFE: A Security Reference Architecture The Changing Network and Security Landscape The past several years have seen tremendous changes in the network, both in the kinds of devices being deployed
Research Conducted by 2015 VORMETRIC INSIDER THREAT REPORT Trends and Future Directions in Data Security HEALTHCARE EDITION #2015InsiderThreat RESEARCH BRIEF U.S. HEALTHCARE SPOTLIGHT ABOUT THIS RESEARCH
Protecting What Matters Most Terry Ray Chief Product Strategist Trending Technologies Session 11 Cyber attacks are bad and getting Significant economic Stock price fell by 14% Impacted profits by 46% Total
The problem with privileged users: What you don t know can hurt you FOUR STEPS TO Why all the fuss about privileged users? Today s users need easy anytime, anywhere access to information and services so
Securing Your Enterprise in the Cloud IT executives must be ready to move to the cloud safely The technology pendulum is always swinging. And chief information security officers must be prepared to swing
Security Awareness Campaigns Deliver Major, Ongoing ROI CONTENTS 01 01 02 04 05 06 Introduction The Challenge Immediate Value Evaluating effectiveness Ongoing value Conclusion INTRODUCTION By this point,
hite Paper 10 Building Blocks for Securing File Data Introduction Securing file data has never been more important or more challenging for organizations. Files dominate the data center, with analyst firm
Automating policy enforcement to prevent endpoint data loss IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Highlights Protecting your business value from
SOLUTION BRIEF Information Lifecycle Control for Sharepoint how can I comprehensively control sensitive content within Microsoft SharePoint? agility made possible CA Information Lifecycle Control for SharePoint
Leveraging a Maturity Model to Achieve Proactive Compliance White Paper: Proactive Compliance Leveraging a Maturity Model to Achieve Proactive Compliance Contents Introduction............................................................................................
A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:
A Custom Technology Adoption Profile Commissioned By Trend Micro April 2014 Single-Vendor Security Ecosystems Offer Concrete Benefits Over Point Solutions Introduction Advanced attacks on an organization
Healthcare providers attitudes towards HIPAA compliance in 2015 Created July, 27 2015 Healthcare providers attitudes towards HIPAA compliance in 2015 Over the course of this last year the healthcare industry
Securing Remote Vendor Access with Privileged Account Security Table of Contents Introduction to privileged remote third-party access 3 Do you know who your remote vendors are? 3 The risk: unmanaged credentials
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
Gaining the SITUATIONAL AWARENESS needed to MITIGATE CYBERTHREATS Industry Perspective EXECUTIVE SUMMARY To become more resilient against cyberthreats, agencies must improve visibility and understand events
Bring Your Own Device and Expense Management A Telesoft Whitepaper Table of Contents About this Whitepaper... 3 Essential Elements for BYOD Policy... 4 Capabilities Needed to Manage BYOD and Expense Management...
SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes
IBM Software Thought Leadership White Paper October 2013 Breaking down silos of protection: An integrated approach to managing application security Protect your enterprise from the growing volume and velocity
Automating policy enforcement to prevent endpoint data loss IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Highlights Facilitate policy-based expertise and
A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State
BEHIND OUR DIGITAL DOORS: CYBERSECURITY & THE CONNECTED HOME Executive Summary In support of National Cyber Security Awareness Month (October), ESET and the National Cyber Security Alliance (NCSA) commissioned
Threat Intelligence: An Essential Component of Cyber Incident Response Jeanie M Larson, CISSP-ISSMP, CISM, CRISC What are we going to cover? Setting the Stage Why is Incident Response Critical? Cyber Threat
ebook Top 10 Anti-fraud Tips: The Cybersecurity Breach Aftermath Protecting against downstream fraud attacks in the wake of large-scale security breaches. Digital companies can no longer trust static login
Solutions Brochure Security that Builds Equity Security Connected for Financial Services Safeguard Your Assets Security should provide leverage for your business, fending off attacks while reducing risk
Protecting Databases from Unauthorized Activities Using Imperva SecureSphere White Paper As the primary repository for the enterprise s most valuable information, the database is perhaps the most sensitive
Mobile Application Security Whitepaper 4 Steps to Effective Mobile Application Security Table of Contents Executive Summary 3 Mobile Security Risks in Enterprise Environments 4 The Shortcomings of Traditional
Automated IT Asset Management Maximize organizational value using BMC Track-It! WHITE PAPER CONTENTS ADAPTING TO THE CONSTANTLY CHANGING ENVIRONMENT....................... 1 THE FOUR KEY BENEFITS OF AUTOMATION..................................
SERVICES DESCRIPTION CA Enterprise Mobility Management MSO At a Glance Today, your customers are more reliant on mobile technologies than ever. They re also more exposed by mobile technologies than ever.
The 2014 Bitglass Healthcare Breach Report Is Your Data Security Due For a Physical? BITGLASS REPORT Executive Summary When hackers break into U.S. hospital health records to steal patient data, it s a
How to make your business more flexible & cost effective? Remote Management & Monitoring Solutions for IT Providers contents 01 Current situation of the IT Channel 02 Market Trends 03 What would be the
What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage Sponsored by ObserveIT Independently conducted by Ponemon Institute LLC June 2015 Ponemon Institute Research Report
If It s not KaspersKy endpoint security for BusIness, It s not an endpoint protection platform 10 BenefIts that only an Integrated platform security solution can BrIng Kaspersky Lab s Global IT Security
Whitepaper High-Risk User Monitoring Using ArcSight IdentityView to Combat Insider Threats Research 037-081910-02 ArcSight, Inc. 5 Results Way, Cupertino, CA 95014, USA www.arcsight.com email@example.com
Bryan Hadzik Network Consulting Services, inc. Endpoint Security Data At Rest Look back on 2010 Agenda Incident types Inside Job? Source of Risk Role of Encryption Some Conclusions 2010 A Year In Review
Your law firm depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine your practice without IT. Today,
4 Critical Risks Facing Microsoft Office 365 Implementation So, your organization has chosen to move to Office 365. Good choice. But how do you implement it AND deal with the following issues: Keep email
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and
5 Considerations for a Successful BYOD Strategy Vincent Vanbiervliet Sr. Sales Engineer 1 What we ll talk about What is BYOD? Mobile Revolution, the Post PC era? BYOD: What to consider 1. Users 2. Devices
Fostering Incident Response and Digital Forensics Research Bruce J. Nikkel firstname.lastname@example.org September 8, 2014 Abstract This article highlights different incident response topics with a focus on digital
Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...
Access is power Access management may be an untapped element in a hospital s cybersecurity plan January 2016 kpmg.com Introduction Patient data is a valuable asset. Having timely access is critical for
Managing Special Authorities for PCI Compliance on the System i Introduction What is a Powerful User? On IBM s System i platform, it is someone who can change objects, files and/or data, they can access
WHITE PAPER BUSINESS INTELLIGENCE MATURITY AND THE QUEST FOR BETTER PERFORMANCE Why most organizations aren t realizing the full potential of BI and what successful organizations do differently Research
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
Sponsored by Oracle Making Database Security an IT Security Priority A SANS Whitepaper November 2009 Written by Tanya Baccam Security Strategy Overview Why a Database Security Strategy? Making Databases
RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...
Overcoming Five Critical Cybersecurity Gaps How Active Threat Protection Addresses the Problems that Security Technology Doesn t Solve An esentire White Paper Copyright 2015 esentire, Inc. All rights reserved.
WHITE PAPER: DATA PROTECTION Business Case: True Cost of Tape Backup Economic Value Creation (EVC ) Experts The Remote Backup Appliance Company WHITE PAPER: DATA PROTECTION The True Cost of Tape Backup
Complete internal threat solution on the endpoint delivered as a service About, Inc, Inc (ATI) is a Los Angeles, California company founded in 2002 who has over 200,000 total users and 10,000 corporate
Endpoint Security Management LANDESK SOLUTION BRIEF Protect against security threats, malicious attacks and configuration vulnerabilities through strong endpoint security control and maintenance. Protect
Protect yourself online Connect Smart for Business SME TOOLKIT WELCOME To the Connect Smart for Business: SME Toolkit The innovation of small and medium sized enterprises (SMEs) is a major factor in New
Malware isn t The only Threat on Your Endpoints Key Themes The cyber-threat landscape has Overview Cybersecurity has gained a much higher profile over the changed, and so have the past few years, thanks
5 Key Questions Auditors Ask During a Database Compliance Audit White Paper Regulatory legislation is increasingly driving the expansion of formal enterprise audit processes to include information technology
ANALYST BRIEF Breach Found. Did It Hurt? INCIDENT RESPONSE PART 2: A PROCESS FOR ASSESSING LOSS Authors Christopher Morales, Jason Pappalexis Overview Malware infections impact every organization. Many
White Paper Healthcare Security: Improving Network Defenses While Serving Patients What You Will Learn Safeguarding the privacy of patient information is critical for healthcare providers. However, Cisco
CONNECTING ACCESS GOVERNANCE AND PRIVILEGED ACCESS MANAGEMENT ABSTRACT Identity and access governance should be deployed across all types of users associated with an organization -- not just regular users
Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners Sponsored by McAfee Independently conducted by Ponemon Institute LLC Publication Date: October 2011 Ponemon Institute Research.