IT Brief Asia logo
Technology news for Asia's largest enterprises
Story image

APAC organisations need strategy to stop insider threats

The majority of organisations within the Asia Pacific region do not have a strategy for stopping insider threats despite growing risks, according to research from Imperva.

The research shows organisations are failing to address the issue of insider threats during a time when the risk is at its greatest.

Commissioned by Imperva and conducted by Forrester, the research found the majority (58%) of incidents that negatively impacted sensitive data in the last 12 months was caused by insider threats, and yet more than half (59%) of APAC organisations do not prioritise insider threats the way they prioritise external threats.

"This approach is at odds with today's threat landscape where the risk of malicious insiders has never been higher," says George Lee, vice president, Asia Pacific and Japan, Imperva.

"The rapid shift to remote working means many employees are now outside the typical security controls that organisations employ, making it harder to detect and prevent insider threats.

"Further, the Great Resignation is creating an environment where there is a higher risk of employees stealing data. This data could be stolen intentionally by people looking to help themselves in future employment, or it could be taken inadvertently when an employee leaves the organisation," he says.

Why are organisations not prioritising insider threats? The majority of APAC respondents blame lack of budget (41%) and internal expertise (38%), but other problems abound. A third (33%) of firms do not perceive insiders as a substantial threat, and 24% say their organisational indifference to insider threats is due to internal blockers such as a lack of executive sponsorship.

In fact, three-quarters (74%) of APAC organisations do not have an insider risk management strategy or policy, and 70% do not have a dedicated insider threat team, according to the report.

Imperva says the findings show that organisations are "woefully underestimating the seriousness of insider threats". Previous analysis by Imperva into the biggest data breaches of the last five years found one quarter (24%) of these were caused by human error (defined as the accidental or malicious use of credentials for fraud, theft, ransom or data loss) or compromised credentials.

Lee says APAC firms are prioritising external threats over insider threats, despite the fact that insider events occur more often.

"Insider threats are hard to detect because internal users have legitimate access to critical systems, making them invisible to traditional security solutions like firewalls and intrusion detection systems," he says.

"This lack of visibility is a significant risk to the security of an organisation's data. That is why leaders need to focus on the potential threats lurking within their own network."

According to the research, the main strategies currently being used by APAC organisations to protect against insider threats and unauthorised usage of credentials are encryption (54%) and periodical manual monitoring/auditing of employee activity (44%). Many are also training employees to ensure they comply with data protection/data loss prevention policies (57%).

Despite these efforts, breaches and other data security incidents are still occurring and more than half (55%) of respondents said that end users have devised ways to circumvent their data protection policies.

"If your organisation has not created a focused strategy to adequately address insider risk, this needs to be a priority for 2022," says Lee.

"An effective insider threat detection system needs to be diverse, combining several tools to not only monitor insider behaviour, but also filter through the large number of alerts and eliminate false positives.

"Also, as protection of a company's intellectual property begins at the data layer, a comprehensive data protection plan must include a security tool that protects the data layer," he says.

Organisations looking to better protect against insider threats should take the following steps:

  • Gain stakeholder buy-in to invest in an insider risk program. Insider risk is a human problem, not a technology issue, and must be treated as such. It is also a risk that cuts across all parts of the business. Therefore it is important to get senior executives from across the company to endorse and support the insider risk program for it to be successful. Start at the top to gain buy-in and sponsorship, then engage with leaders from HR, Legal, IT, and other parts of the organisation.
  • Follow Zero Trust principles to address insider risk. Following a Zero Trust approach helps protect data and users while limiting the ability of insiders to use sensitive resources not required by their function.
  • Build a dedicated function to address insider risk. Since insider risk is a human problem and very sensitive in nature, it requires dedicated resources. These may be part of the security team or, better yet, a separate dedicated function. Either way, this team needs a specific mandate for insider risk and training to recognise and respond to insider threats.
  • Create processes for your insider risk program and follow them. The sensitivity of insider risk and its associated privacy concerns require that strict policies are implemented and followed. Treat every investigation as if it will end up in court and apply policies consistently.
  • Implement a comprehensive data security solution. A complete solution goes beyond DLP to include monitoring, advanced analytics, and automated response to prevent unauthorised, accidental, or malicious data access. The technologies you deploy should support the processes you've created and the mandate for your insider risk function. Your organisation will see cost savings and a reduction of risk from business impacting security events.
     
Related stories
Top stories
Story image
Sustainable IT
Adobe surveys sustainability at work in Hong Kong employees
The top three sustainability practices are reducing paper usage (46%), digital document storage and management (43%), and curbing electricity consumption (37%).
Story image
Malware
Black Lotus Labs discovers new, multipurpose malware
Black Lotus Labs, the threat intelligence team at Lumen, has discovered a new, rapidly growing, multipurpose malware written in the Go programming language.
Story image
Firewall
Barracuda accelerates growth in its data protection business
Barracuda cloud-to-cloud backup protects against evolving cyber threats, such as ransomware, and is now transactable in the Azure Marketplace.
Story image
Apple
Jamf shows intent to acquire mobile security firm ZecOps
This acquisition positions Jamf to help IT and security teams strengthen their organisation’s mobile security posture.
Story image
Cybersecurity
Best practices for industrial cyber resilience
Operational technology (OT) security is gaining more attention than ever before, but sufficient understanding of what it takes to prevent breaches is still lacking amongst many organisations.
Story image
Subscriptions
Denodo targets mid-market with new subscription models
These new subscriptions will help mid-market companies to streamline data integration and accelerate speed to insights.
Story image
Hybrid IT
Intel launches 13th Gen core processor and unison solution
13th Gen Intel Core desktop processors deliver the world’s best gaming experience and unmatched overclocking capabilities.
Story image
Network Management
Data is growing at breakneck speed, but are we optimising its value?
Data lies at the heart of digital transformation, as every digital touchpoint translates to a data point. In this digital-first world, data is being created everywhere today – at breakneck speeds.
Story image
Customer Relationship Management
NetSuite helps Australian bridal boutique to scale operations globally
Grace Loves Lace is now using Oracle NetSuite to create enhanced experiences for brides from Queensland, Australia, to locations worldwide. 
Story image
Mobile Device Management
How to easily scale your mobile workforce and devices for the peak shopping season
Retailers are under constant pressure to streamline processes and become more efficient while looking for ways to improve customer satisfaction levels.
Story image
Artificial Intelligence
Dematic accelerates supply chain innovation with Google Cloud
The partners will join forces to leverage shared learnings to drive rapid cloud innovation by migrating Dematic’s offerings to the cloud.
Story image
Artificial Intelligence
ServiceNow improves operational intelligence with new solutions
"We are helping customers create more resilient, secure, and productive business models, so they can navigate uncertainty with confidence.”
Story image
Hybrid Cloud
Hybrid cloud security driving need for deep observability
Gigamon is bringing application and network-level intelligence together to help network, security, and cloud IT operations teams eliminate security blind spots.
Story image
Data analytics
COVID-19 relief innovation takes 2022 SAS Hackathon crown
In COVID-19’s wake, more than 287,000 MSMEs joined JakPreneur, a collaborative government platform that links entrepreneurs and stakeholders
Story image
Software-as-a-Service
BigCommerce announces launch on Google Cloud Marketplace
The move makes it easier for global enterprise customers to modernise their ecommerce platform to expand audience reach and drive business growth.
Story image
Firewall
Forrester names Akamai as web application firewall leader
"We continually monitor and improve our capabilities to defend customers from new threats, while enabling customers to protect evolving attack surfaces."
Story image
DevOps
Disparate data causing headaches for A/NZ businesses
Gone are the days when developers could get away with merely producing code. Many are now expected to be accountable for their code, which should be ‘clean’, right up to deployment.
Story image
IT in Manufacturing
Five ways manufacturers can benefit from a purpose-built ERP
As the manufacturing world rapidly evolves to meet new challenges, many organisations are working to define a new roadmap to success.
Story image
Sustainable IT
Equinix commits US$50 million to advance digital inclusion
Establishes the Equinix Foundation, an employee-driven charitable organisation, to advance digital inclusion through grants and strategic partnerships.
Story image
Work from home
Jamf showcases new products to simplify and secure work
At the 13th annual Jamf Nation User Conference, the company shared how its continuous product innovation is helping organisations succeed with Apple.
Story image
Cybersecurity
Test your API Security with Infinite API Scanner
The effectiveness of API scanning technology can mean the difference between successful and unsuccessful programming outcomes, and often enterprises and IT leaders struggle to get it right.
Story image
Data analytics
SAS Viya now available in the Microsoft Azure Marketplace
SAS offers its analytics platform Viya, with an hourly pricing model, in-app tutorials and support for multiple languages.
Story image
Malware
SonicWall threat report mid-year update highlights significant threat variance
The 2022 SonicWall Cyber Threat Report mid-year update from SonicWall gives an in-depth insight into many of the current trends across the threat landscape.
Story image
Artificial Intelligence
Versa announces partnership with Nabiq to deliver 5G services
Versa’s VOS enables a unique approach to 5G edge solutions by combining virtual machines with SASE multi-tenancy to enable 5G UPF data plane
AWS Marketplace
Whitepaper: A practical guide for mitigating risk in today’s modern applications
Link image
Story image
Customer Relationship Management
NetSuite introduces CPQ to help organisations simplify sales process
NetSuite CPQ is the only native configure, price and quote solution built on the NetSuite platform. It works with NetSuite ERP, CRM, and eCommerce solutions
Story image
Legacy
Trellix enables greater cyber resiliency with extended XDR platform
"Legacy SIEM technology has failed to modernise security operations. We are confident Trellix XDR fills this critical gap.”
Story image
Software-as-a-Service
Varonis adds secrets discovery to data classification
The data security firm announces enhancements that detect and remediate overexposed private keys, encryption certificates, API keys, and authentication tokens.
Story image
Cloud Security
75% of AU companies had cloud security incident in past year
According to new Venafi research, complexity is due to increase, as companies plan to host more applications in the cloud.
Story image
Microsoft
UiPath and Microsoft partner to empower best-in-class automation
"Together, we are helping customers realise and achieve the business value of automation at scale. We are excited to deliver substantial, integrated cloud offerings.”
Story image
Cloud
IBM releases Transformation Index to assist cloud innovation
IBM has released its Transformation Index: State of Cloud, commissioned by the company and conducted by an independent research firm.
Story image
Network Management
Fortinet introduces enhanced AIOps across its gateways
FortiAIOps builds on Fortinet's rich history of developing artificial intelligence to deliver actionable network insights for self-optimising management.
Story image
Artificial Intelligence
Exclusive: Uniphore shares how Conversational AI can be the key to business success
Conversational AI and Automation are vital tools to help further promote organisational cohesion and communication, and Uniphore is leading the charge.
Aws Marketplace
Learn how to implement a backup and recovery plan for a new generation of Kubernetes-based modern applications
Link image
Story image
Customer Relationship Management
Diagnostic: Does your tech stack up for growth?
It’s common for tech companies to encounter limitations in their tech stack as they experience growth. After all, at first, you only need to invest in systems to support the needs of an early-stage or single-entity business.
Story image
Workflow Automation
NetSuite announces SuitePeople Workforce Management
Oracle NetSuite has announced NetSuite SuitePeople Workforce Management, a solution created to help organisations manage labour costs and profitability.
Story image
Malware
Decrease in malware volume, but surge in encrypted malware
The Q2 Internet Security Report found office exploits continue to spread more than any other category of malware.
Story image
Oracle NetSuite
NetSuite Launches Ship Central to improve warehouse operations
NetSuite WMS and Ship Central offer warehouse operations across SKUs, processes, and locations. NetSuite WMS eliminates manual processes
Story image
Ransomware
Delinea updates DevOps security, remote access more seamless
New enhancements include development support on the most recent Mac computers and improved secrets' management usability through automation.
Story image
Data Protection
99% of security experts unhappy with tokenisation investment
Cybersecurity experts are looking for a solution that provides the strength of tokenisation while removing the friction that has accompanied it in the past.