Five Steps to Secure an Enterprise Against Insider Threats

Author: Isaac Kohen
Date Published: 26 March 2024
Read Time: 6 minutes

An organization's employees are among its most valuable assets, and they are also the most susceptible target for cyberattacks.

While many cybersecurity threats come from outside an organization, Verizon’s 2023 Data Breach Investigations Report found that one-fifth of cybersecurity incidents were caused by insider threats, which were the result of both deliberate misuse and inadvertent human errors.1 Notably, chief information security officers (CISOs) say that “insider attacks are their worst nightmare because identifying and stopping these kinds of attacks is so challenging.”2 Indeed, no enterprise or SMB is immune to insider threats. To detect and prevent them, organizations must take a proactive approach, identifying and stopping insider threats before they lead to a serious cybersecurity incident.

Double Down on Digital Hygiene

This solution is so simple that some may underestimate its effectiveness. Nonetheless, many individuals continue to practice poor digital hygiene. For example, they may fail to update account credentials after a data breach, maintain strong, original passwords for all accounts and install the latest software updates. These simple shortcomings expose organizations to unnecessary cybersecurity vulnerabilities. Even small improvements in employees' digital hygiene can have an outsized impact on an enterprise's cyber readiness.

Verizon’s report notes that 74% of breaches include a human element, such as the use of stolen credentials or social engineering attacks.3 This finding underscores the effect that a simple step, such as using a unique password for each account, can have on mitigating the risk of a data breach. Critically, organizations should not leave this to chance. Teach employees how to follow digital hygiene best practices and implement accountability solutions to ensure that those practices are followed. For example, providing employees with password managers to help ensure strong passwords, leveraging network monitoring tools to detect suspicious activity, and overseeing the installation of antivirus software on all devices help improve security. Additionally, enterprises can use data loss prevention (DLP) tools to track and help prevent data leaks.

Assume Employees Will Fall for Phishing Scams

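Most data breaches begin with a phishing attack, turning unwitting insiders into accomplices in increasingly destructive cyberattacks. More than 3 billion phishing emails are sent daily,4 and these messages are becoming increasingly difficult to detect and defend against.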

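The signs that were once considered giveaways of a scam, such as egregious spelling errors or implausible scenarios, have been replaced by highly personalized content that reaches people's email inboxes, text messaging applications (apps) and other digital communication platforms. In this environment, enterprises should prepare for the inevitability that someone will fall for a phishing scam and put the necessary defenses in place to ensure that clicking a bogus link does not cause a data disaster.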

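Some defensive methods may include ensuring visibility into all networks and systems while equipping enterprise networks and computers with analytical endpoint DLP software to identify possible responses and mitigate the consequences.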

Recognize Malicious Insiders

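Malicious insiders (i.e., internal users who intentionally compromise network integrity or data privacy) are undoubtedly a minority, but they pose a serious threat to enterprise security. They can be motivated by many factors, but sudden job changes resulting from layoffs or terminations are a factor that cannot be ignored. For example, one survey found that 87% of employees take data they created to their new job,5 and Bloomberg reports that “employees are 69% more likely to take data right before they resign.”6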

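To stop malicious insiders in the act of stealing enterprise or customer data, organizations must develop the ability to proactively identify signs of data misuse and prevent employees from downloading, sending or otherwise disseminating sensitive information. This includes the ability to: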

  • Scrutinize and obstruct email exchanges suggestive of data leaks
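  • Restrict file transfers to all destinations, including public clouds and external USB storage
  • Deny user access during nonoperational hours or when connections come from unfamiliar sources and IP addresses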
  • Detect and halt dubious email operations, such as insecure data distribution

By identifying malicious insiders, enterprises can stop them from using privileged access to wreak havoc on data security and IT integrity.
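
The file-transfer and access-time/source restrictions in the list above can be expressed as a small policy check over activity events. The following is an added example, not part of the original article or any vendor's product; the business hours, network ranges, destination labels and sample events are all constructed assumptions.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Assumed policy values for illustration; tune these to the organization.
BUSINESS_HOURS = (time(8, 0), time(18, 0))      # local time, Monday-Friday
KNOWN_NETWORKS = [ip_network("10.20.0.0/16"),   # constructed office range
                  ip_network("192.0.2.0/24")]   # constructed VPN range
BLOCKED_DESTINATIONS = {"usb", "public_cloud"}

def violations(event):
    """Return the policy reasons for denying or flagging one event."""
    reasons = []
    ts = datetime.fromisoformat(event["time"])
    start, end = BUSINESS_HOURS
    if ts.weekday() >= 5 or not (start <= ts.time() < end):
        reasons.append("outside operational hours")
    src = ip_address(event["src_ip"])
    if not any(src in net for net in KNOWN_NETWORKS):
        reasons.append("unfamiliar source IP")
    if event["action"] == "file_transfer" and event.get("dest") in BLOCKED_DESTINATIONS:
        reasons.append("transfer to restricted destination: " + event["dest"])
    return reasons

def review(events):
    """Return (denied events with reasons, denial count per user)."""
    denied, per_user = [], {}
    for ev in events:
        why = violations(ev)
        if why:
            denied.append((ev["user"], ev["action"], why))
            per_user[ev["user"]] = per_user.get(ev["user"], 0) + 1
    return denied, per_user

# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    {"user": "alice", "time": "2024-03-25T10:15:00", "src_ip": "10.20.4.7",
     "action": "login"},
    {"user": "bob", "time": "2024-03-25T23:40:00", "src_ip": "10.20.9.1",
     "action": "login"},
    {"user": "bob", "time": "2024-03-26T09:05:00", "src_ip": "203.0.113.50",
     "action": "file_transfer", "dest": "public_cloud"},
    {"user": "carol", "time": "2024-03-30T11:00:00", "src_ip": "192.0.2.14",
     "action": "file_transfer", "dest": "usb"},
]

if __name__ == "__main__":
    for user, action, why in review(SAMPLE_EVENTS)[0]:
        print(f"DENY {user} {action}: {'; '.join(why)}")
```

The per-user count returned by review() gives a simple signal for repeated violations by the same account, which is where an investigation would usually start.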

Ready Your Response

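The moment a cybersecurity or data privacy threat is detected is not the time to decide how to respond. The most secure organizations have already readied their responses, leveraging a rehearsed playbook to mitigate the damage. Enterprises can prepare by creating detailed action plans that involve not only IT teams but also key personnel from the management, legal, public relations (PR) and human resources (HR) departments. In addition, regular exercises designed to assess the organization's cyber readiness help ensure that all stakeholders understand their roles, while continuous updates keep the playbook relevant to the evolving threat landscape.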

By having a predefined strategy, organizations can act swiftly and decisively, reducing potential losses and protecting their reputations.

Investigate Incidents to Continually Improve

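With the right information and insights, any cybersecurity incident can become a learning opportunity that strengthens the organization's defensive posture. Forensic tools are fundamental in this endeavor, providing the ability to trace and understand the sequence of events during a breach. Features such as session playback and optical character recognition (OCR) allow covert activity hidden in unstructured data to be extracted and provide a granular understanding of the breach timeline.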

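Moreover, insider threat monitoring software captures detailed logs of user and administrative actions, providing valuable forensic evidence and learning opportunities to minimize future vulnerabilities.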

Conclusion

Employees are an organization’s greatest asset, but unfortunately, they also represent the most susceptible surface for cyberattacks. With their unique access to systems and data, employees sit at the front lines of this digital battlefield. Their actions, deliberate or inadvertent, can significantly impact an organization's security posture. This understanding should drive organizations to invest not only in advanced security technologies, but also in the ongoing education and empowerment of their teams, ensuring that everyone can anticipate, prepare for and respond to the inevitable cybersecurity threats.

Endnotes

1 Verizon, 2023 Data Breach Investigations Report, USA, 2023
2 Columbus, L.; “Top 10 Cybersecurity Findings From Verizon’s 2023 Data Breach Report,” VentureBeat, 13 June 2023
3 Op cit Verizon
4 Palmer, D.; “Three Billion Phishing Emails Are Sent Every Day. But One Change Could Make Life Much Harder for Scammers,” ZDNET, 23 March 2021
5 Rittman, D.; “Guest Essay: Smart Precautions Companies Can Take to Prevent Data Loss After Layoffs,” Security Boulevard, 13 February 2023
6 Martin, A.; “When Employees Leave, Sensitive Data Often Leaves With Them,” Bloomberg, 18 January 2023

Isaac Kohen

Is chief product officer and founder of Teramind, a leading global provider of insider threat management, data loss prevention and productivity optimization solutions powered by user behavior analytics. Serving enterprises, governments and small and medium-sized businesses (SMBs), Teramind has provided more than 10,000 organizations around the world with actionable, data-backed workforce insights that reduce risk, increase productivity and streamline business operations.
