The story of how ancient Greece defeated solidly fortified Troy has a cautionary correlation to cybersecurity.
Regardless of how impenetrable preventative cybersecurity may appear, there is always a way to sneak in. And one of the best ways is by proxy via a ‘Trojan horse’ of trusted people or inside employees.
It’s no coincidence that a deceitful form of malware is called a ‘Trojan’. Now more than ever, organisations must have the 24x7 monitoring and threat detection capabilities typically found in a security operations centre (SOC), which includes a security information and event management (SIEM) solution.
While an enterprise cyber-fortress won’t open the gates for a malicious package delivered by a bad actor, it does open the gates every single day to another potentially dangerous cyberthreat: Its own employees.
The Growing Risk of Insider Threats
In fact, over the last three years, there has been a 47 per cent increase in insider threats. Worse still, a 2020 Insider Threat Report by Cybersecurity Insiders emphasises that these threats are becoming more frequent, trickier to detect and more damaging. That’s why security operations solutions that can handle the threat detection and response needs of your organisation are so critical. Leveraging the expertise of security analysts along with SIEM solutions, threat intelligence feeds and the latest advanced technology, a provider of managed security operations enables you to discover and mitigate threats before they do real damage.
The Risk of a ‘Trojan Horse’ Employee
Why do insider threats matter? Because the outcomes can be devastating. These risky insiders could shred your business reputation, cost you millions in financial losses and regulatory fines, compromise your customers' data and drive away clients, among other damages.
Your most dangerous insiders are privileged users and administrators, regular employees, third-parties and temporary workers and C-level executives who have access to your most confidential and sensitive information. Insiders typically breach your systems either deliberately, accidentally or through data theft, where an outsider steals and uses their credentials.
According to Tessian’s latest report, most companies rely on security awareness training, but negligence actually happens most frequently in companies with the most training. In fact, employee security awareness training often becomes as useless as Troy's walls with an enemy-filled horse inside them.
Recent Insider Threat Incidents
Incessant media headlines highlight the threat posed by insiders. Here's a look at what happened last year alone:
In January 2020, in a prominent example of data theft, attackers compromised the credentials of two Marriott employees to hack 5.2 million records of Marriott guests. These records contained sensitive information that included loyalty account details and personal preferences. Making matters worse? It took four weeks before Marriott detected the breach. Although Marriott won that lawsuit, the hotel was fined $23.9 million earlier in the year for a 2014 breach and its data security reputation was further dented.
Nine months later, a senior manager of Amazon’s tax department was charged for divulging Amazon’s confidential financial data to family members so that they could trade on it. Amazon lost $1.43 million. This breach is a prime example of insider criminal activity.
The notorious Equifax breach that resulted in the stolen records of more than 164 million customers occurred only because a single employee failed to heed security warnings and didn't update the system. Although the breach was disclosed in 2017, the US Government tracked it to the People’s Liberation Army in 2020. The Equifax incident illustrated how accidental negligent activity can have catastrophic consequences. Equifax experienced a skyrocketing turnover in the company, $1.4 billion on cleanup costs, another $1.38 billion on consumer claims and a Moody's downgrade in its financial ratings.
How do you detect these insider threats? You need around-the-clock monitoring, detection and response, as well as other security operations solutions to reduce risk and keep your organisation protected.
Security Operations Solutions Help Stop Insider Threats and Other Attacks
Security needs to exist within the network fortress, which is why security operations solutions to monitor, detect and help your team respond to threats on-premises and in the cloud are so critical. By monitoring network traffic and activity and sifting through the vast quantities of data and security alerts on any given day, these solutions are part of a comprehensive cybersecurity strategy that help you detect danger early, before attackers can make their move.
In contrast to legacy SIEMs that serviced closed systems and were ill-equipped to handle big data, today’s security operations experts leverage modern SIEMs that collect your log files, security alerts and events into one place – from across firewalls, your endpoints, intrusion detection systems and more so, security teams can more easily analyse that information.
To appreciate the convenience, just consider that at one time, analysts had to trudge from one security product to another to conduct investigations. If they found anomalous activity, they also had to spend time eliminating it at each point.
Now, security operations centres enjoy one central big data platform that provides a single pane of glass for analysing and treating those threats. Such a solution instantly alerts your analysts to security threats in real time across all your environments, including cloud, on-premises and hybrid.
The Case for Managed Security Operations
SIEMs can be used for various purposes, which is why they are the foundational platform for security operations centres (SOCs). Some companies use SIEMs for insider threat protection – or threat hunting – which is a proactive search for unusual activities inside their organisations. SOCs also use SIEMs to prepare audits for compliance objectives and to investigate past security incidents.
What’s more, they also provide capabilities that include data storage, threat intelligence aggregation, threat detection and notification. This helps to support your organisation to comply with government regulations. The problem? SIEMs bring significant costs and are extremely difficult to deploy and maintain.
That’s why many businesses are discovering the value and comprehensive protection afforded to them by providers of managed security operations, such as Arctic Wolf. We eliminate the need for a fully staffed, 24x7 security operations team.
Our Concierge Security® Team uses the cloud-native Arctic Wolf® Platform to determine which alerts to send your team, so you focus on the most important threats and gain the ability to swiftly detect and remediate potential attacker activity, whether in the form of a phishing attack, ransomware or even an insider threat.
Learn more about how an Arctic Wolf security operations solution can protect your organisation from today’s sophisticated cyberthreats.