Data Center Post: The Stark Reality of Insider Threat, and What Your Business Can Do about It.
By Gerry Gebel, Vice President of Business Development at Axiomatics
Modern access control technologies like dynamic authorization can ensure information isn’t exposed to unauthorized users within an organization.
Businesses and government agencies worldwide hold information that, if it fell into the wrong hands, could cause widespread financial or reputational damage. Take a moment to think about all the proprietary information and intellectual property (IP) companies like Apple, Tesla, Google and Amazon hold about their algorithms and future technologies. What if the wrong person uncovered that information? They could damage the future of any one of those companies. This was highlighted recently when a disgruntled Tesla employee was able to access the Tesla Manufacturing Operating System and change code to sabotage operations.
Now think about all the information the U.S. government holds: data that contains personally identifiable information (PII) on federal employees and U.S. citizens, proprietary or export-controlled data, and other sensitive information related to national security. The risk to citizens or government employees ranges from a relatively insignificant inconvenience to matters of national security.
Both businesses and federal agencies are already investing heavily to protect data from hacking and other external threats, but insider threat poses a more intimate, internal challenge that must be addressed. Insiders (staff, contractors, partners, and so on) have legitimate access to the organization’s IT systems. The insider threat or risk occurs when legitimate users leverage their access for reasons other than their official duties, such as for personal profit, sabotaging systems or business opportunities, or other malicious purposes.
Addressing insider threats requires a diligent strategy when it comes to access control. The approach must meet ever-evolving security challenges in the digital age and enforce enterprise- or agency-wide access based on specific organizational policies, guidelines and regulations.