Video: 10 Minute IT Jams – F-Secure talks APTs and the Lazarus Group
Insider cyber attacks are on the rise.
That is the stark warning from Jonathan Andresen, Senior Director of Marketing at Bitglass, a cybersecurity company specialising in cloud-based data and threat protection. Bitglass, which operates a worldwide cloud security network, recently released a report revealing that **61 per cent of companies have fallen victim to insider attacks** in the past year, a jump from previous years.
Andresen attributes this rise to several key changes in how businesses operate. "It really has to do with three things that are happening concurrently," he explained. "First, we are moving toward more and more cloud services. The migration is going very quickly, and what that means is your data is now in someone else's data centre, and it's very hard to see that data and see what the user is doing when they're accessing it."
Alongside this widespread rush to cloud services is the dramatic increase in remote working that began during the pandemic and has now become a permanent feature of many workplaces. Employees, and often external contractors and suppliers, are using their own and multiple devices - everything from laptops to mobile phones - to access company resources. This, Andresen said, makes it significantly more challenging for IT teams to keep track.
"Each user now has multiple devices accessing multiple types of cloud services, and they're doing it in real time," Andresen said. "How do we see those transactions as they happen and ensure that the data is accessed correctly? It's a big challenge for a lot of companies today."
The difficulties of responding to insider threats are further magnified by technology and process shortfalls. According to the Bitglass survey, **88 per cent of respondents believe unified security and visibility tools are crucial**, yet 61 per cent admit they currently lack such tools.
"That lack of visibility is a real challenge," Andresen noted. "If companies can't see inside that data and they can't see it in real time, it becomes very difficult to detect threats. And it's not just about detection - it's about what you do when you've found it and how long it takes to fix."
Time, in fact, is a critical factor in the aftermath of an insider attack. "Fifty percent of respondents say it takes a week to detect an insider threat, and almost 50 percent say it takes a second week to actually remediate and fix the problem after that threat has occurred. So, in that gap, a lot of data can be lost, and in the world of cloud services, once data is outside of your data centre and outside of your data boundary, it's lost forever," Andresen added.
With such daunting challenges, what can businesses realistically do to protect themselves?
Andresen argues that the first step is always awareness: "In this environment, with so many cloud services, remote workers, and BYOD (bring your own device) so prevalent - and not just for employees, but contractors and suppliers too - companies need to see where their data is. Finding out where your data is becomes the first problem. The second problem is, what do you do about it once you know?"
He continued: "If you don't know where your data is and how it's being accessed, it's a huge problem. In the world of digital transformation and cloud, the security challenge shifts from the data itself to the identity of the user, the device, and the access model you choose. Having that visibility is paramount. If you can see how data is accessed, from which device and application, and in what context, that's a big step to keeping your data secure."
Bitglass recommends that organisations look for solutions offering unified visibility through a single console, bolstered by machine learning and contextual controls that make it easy to track and manage data. "Typically, we advise companies to look for a solution that's in a single console, that brings that data together so it's easy to find, it's backed by machine learning, and it puts the data together so it's easy for companies to track and manage it to make sure their data is secure," Andresen explained.
Turning to how Bitglass tackles the problem, Andresen highlighted the company's comprehensive platform built on what is known as Secure Access Service Edge (SASE) architecture. "That's a new term that Gartner coined about a year ago, and what it really means is we're combining cloud security with network security at the edge. That's really the new type of platform companies need to be agile and to have an agile security posture."
Central to this is the Cloud Access Security Broker (CASB) technology, described by Andresen as "the firewall for the cloud". This allows organisations not only to see data in cloud services, whether or not these services are officially sanctioned, but also to secure them and apply granular security policies.
Further innovations from Bitglass include a secure web gateway technology they call SmartEdge. "This is an industry-first technology where we actually proxy the gateway on the device itself. Typically, web gateways require you to backhaul the traffic through your data centre to inspect it, but we've put it on the device so it's much faster, much more cost-effective, and uses the best of edge computing with cloud security," Andresen said.
The final pillar of Bitglass' approach is Zero Trust Network Access, a model that assumes nothing and no one on any network can be trusted without verification. "We want to make sure that only the right data is accessed by the right users, on the right applications and devices, and across the right networks. We don't trust anything, and we check each time data is accessed," Andresen said.
As insider threats continue to proliferate, it is clear that companies will need to adapt and invest in cutting-edge security platforms to avoid becoming the next victim. Andresen remains confident that such defences are possible with the right tools and mindset.
"We'd be happy to talk to you about how we could help you secure your data," he said.
