Inside-out security strategy vital, says expert
Inside threats can often blindside a business, as most organisations focus on external security threats, according to Ixia.
The company says it is imperative businesses tailor their security policies, internal awareness regimes and security tools to ensure they are protected from the inside out, as well as the outside in.
“Information is becoming a popular commodity for criminals around the globe, so companies have to do what they can to make sure that information stays safe,” explains Stephen Urquhart, general manager ANZ, Ixia.
“At the same time, our increasingly connected world is opening up new ways for information to be lost, inadvertently shared, stolen, or appropriated by unauthorised agents,” he says.
“Companies need to protect this information from the inside.”
Urquhart says there are three key components to designing an inside out security strategy to keep data safe within an organization.
Urquhart says organisations should build security architecture with multiple layers to protect the areas of the organisation where most of the internal information assets reside.
“It is best if data is encrypted and companies should also implement a tiered permissions identification system,” he explains.
“At the same time, businesses should implement an overall corporate security policy that all levels of management support.
“This helps to make sure everyone is on the same page with practical security measures, such as using stronger passwords and changing them regularly,” says Urquhart.
Companies should train employees to recognise cyber criminals’ tactics and understand how to avoid being tricked, Urquhart explains.
“Additionally, given that most ‘inside out’ data breaches are accidents, businesses need to teach employees how to manage sensitive information, stay up-to-date on threat intelligence reports, and be aware of the latest cyber-criminal exploits,” he says.
According to Urquhart, companies should implement a selection of tools that monitor streaming applications on the network to identify unusual behaviour or unknown network applications effectively,” he says.
“This can help prevent exploits from being discovered after it is too late to mitigate them.
“Additionally, businesses should use testing solutions to make sure all programs are running as expected prior to deployment,” Urquhart explains.
“This can ensure that data is kept where it is meant be kept, making it easier to protect.”