CIOApplications
  • Home
  • Applications
      • Bioinformatics
      • Blockchain
      • BPM
      • Business Continuity
      • Business Intelligence
      • Collaboration
      • Configuration Management
      • CPQ
      • Container Management
      • CEM
      • Data Platform
      • Data Preparation
      • DMS
      • e-Discovery
      • Employee Engagement
      • EAM
      • Enterprise Communications
      • Enterprise Mobility
      • ERP
      • GIS
      • GRC
      • Human Resource
      • Innovation Management
      • Inventory Management
      • IT Infrastructure
      • IT Service Management
      • IT Services
      • Low Code Platform
      • Managed IT Services
      • Marketing
      • Master Data Management
      • Mobile Application
      • Portal Software
      • Procurement
      • Project Management
      • Remote Monitoring
      • Remote Support
      • Sales
      • Software Asset Management
      • Software Testing
      • Supply Chain
      • Task Management
      • Unified Communications
      • Voice Recognition
      • Workflow
  • Verticals
      • Aerospace & Defense
      • Automotive
      • Banking
      • BioTechnology
      • Casino Management
      • Construction
      • Contact Center
      • E-commerce
      • Education
      • Field Service
      • Fintech
      • Food and Beverages
      • Government
      • Healthcare
      • Insurance
      • Legal
      • Life Sciences
      • Logistics
      • Manufacturing
      • Media and Entertainment
      • Oil & Gas
      • Retail
      • Space Tech
      • Telecom
      • Travel and Hospitality
      • Utilities
  • Technologies
      • API
      • Artificial Intelligence
      • Augmented Reality
      • Big Data
      • Chatbot
      • Cloud
      • Content Delivery Network
      • Cyber Security
      • Data Center
      • DevOps
      • Distributed Technology
      • Drone Technology
      • Enterprise Architecture
      • Enterprise Search
      • Enterprise Startups
      • Graphics Tech
      • HPC
      • IoT
      • Java
      • Load Balancing
      • Machine Learning
      • Machine to Machine
      • Machine Vision and Imaging
      • Nano Technology
      • Predictive Analytics
      • Robotic Process Automation
      • Robotics
      • Security
      • Telematics
      • Testing
      • Video Surveillance
      • Virtual Assistant
      • Wireless
  • Partner Network
      • Adobe
      • Amazon
      • Avaya
      • ESRI Partner
      • IBM
      • Infor Solutions
      • Microsoft
      • Mitel Partners
      • National Instruments
      • NetSuite
      • Nintex
      • Oracle
      • Progress
      • Salesforce
      • SAP
      • ServiceNow
      • SiteCore
  • News
  • conferences
  • Newsletter
  • About us
×
news

Subscribe to our Newsletter

Become a member of our mailing list for the latest articles, news, and exclusive insights.

news
news

Enter Your Email Address:

Thank you for subscribing with us. We sent you an email regarding this.

loading
SUBSCRIBE
  • Home
  • Cyber Security
Editor's Pick (1 - 4 of 8)
left
Augmenting Cybersecurity in Healthcare Industry

Augmenting Cybersecurity in Healthcare Industry
Robert Napoli, CIO, Planned Parenthood of the Great Northwest and the Hawaiian Islands

3 Steps To Elevating  Corporate Security

3 Steps To Elevating Corporate Security
Mark Kelly, CIO, VP-IT & Services, Curvature

Security Solutions for Cyber Risk Mitigation

Security Solutions for Cyber Risk Mitigation
Colin Black, CIO, Crowd Strike

The Tao of Cyber Security in today's reality

The Tao of Cyber Security in today's reality
Marc DeNarie, CIO, NaturEner USA & Canada

New Defensive Measures against HACKERS Efficiencies

New Defensive Measures against HACKERS Efficiencies
Dawn Roth Lindell, CIO, Western Area Power Administration

Preventing Cyber-Attacks in Universities with Operational Collaboration

Preventing Cyber-Attacks in Universities with Operational...
Michael Corn, Deputy CIO & CISO, Brandeis University

Addressing Cyber Security Strategically

Addressing Cyber Security Strategically
David L Stevens, CIO, Maricopa County

Ever-Changing Cyber Security of Business Community

Ever-Changing Cyber Security of Business Community
Jim Sills, CIO/Cabinet Secretary, State of Delaware

right

INSIDE or OUTSIDE Where's the Bigger Threat?

By Balaji Ramanujam, CIO and SVP for Products, ASI Government

Tweet
content-image
If there’s anything safe about cyber security, then it would be my statement that there is wider media coverage about external threats and system hacks – think Russia and a host of other accused countries and foreign interests– than reports on insider threats. This leaves most of us imagining that there is more external threat activity than there are blow-ups from malicious insiders and inadvertent actors.

What if the combination of malicious insiders and inadvertent actors is a higher threat than from external sources? A review of scholarly publications suggests this could be true.

For example, the 2015 IBM X-Force Threat Intelligence Quarterly (second quarter) addresses three distinct threat categories: Outsiders, Malicious Insiders and Inadvertent Actors. Malicious Insiders and Inadvertent Actors, who could very well be insiders as well, total 55 percent of the bad guys!

As we become more aware of this growing threat, how should CIOs and CISOs respond to keep the systems and thereby, the country safe? As a quick thought, aren’t we all glad that IM clients like Google Chat have moved to the browser and away from client installs? Shouldn’t there be a concerted effort to minimize installs and resist the proliferation of background processes on client machines? Unfortunately, we all know that the defense strategy needs to be far more robust and far beyond these examples.

There are a number of publications that cover best practices, vendor tools and capabilities in the area of Cyber Security. However, at the heart of this problem is the need for humans to evolve at the fastest pace possible, to sense and defend against virtual threats— a sense that is very different from dealing with physical threats. Ignorance is no longer bliss and negligence has a heavy price tag. We live in times when trust in humans is seen as a vulnerability and weakness by the bad guys.

The classic organizational trifecta of people, process and technology will need to rapidly transform to deal with this threat


Should the next wave of threat detection software be about tracking changes in user behavior, in other words, browsing and social media habits? Let’s be honest, we’re currently relying on endorsements or pledge of allegiance to the bad elements by users to be able to flag and track them down. And we know this doesn’t cut it for Cyber Security or National Security. Should Ad Revenue and Predictive Analytics software be repurposed to guess what Inadvertent Actors are likely to click to draw trouble? How do you repurpose IBM Watson and the likes to start playing a new game with potential hackers to stay one-up and learn their next move? Some vendors claim to have the capability, but buyers aren’t convinced yet.

Rather than engage in more questions, here is a quick start towards a solution. Imagine a defense mechanism inspired by living conch shell – impenetrable but not impermeable, with a gooey middle. The spiral structure of a conch ensures the structural integrity and limited accessibility of the shell’s bottom half. Translate that into:
1. Proactive threat detection software, as opposed to standard virus scan software. Threat sensors meet and flag higher and more diverse usage patterns.
2. Hyperaware staff who peer-review behavior and share data on evolving threats.
3. Data abstraction architecture that morphs constantly to keep intruders from guessing data layout patterns.

While there needs to be a reinforced outer layer of IT security with standard tools, training and audits, what constitutes the inside (privileged data) security layer has become even more critical to the business. How organizations devise methods, predictive tools and processes to govern insider threats will be a significant investment and a differentiator for many businesses. At the least, a cultural shift is necessary to start sensing insider threats and to spread awareness about growing risks.

Organizations can claim that the choice of every employee was deliberate. However, they simply cannot claim there was a choice in the impending threat that an employee posed. There is now a need in the industry for version 2.0 of HP’s famous Flight Risk program that predicts employee behavior. Employee retention will continue to be important, but predicting a possible threat from every employee is even more paramount. At the most basic level, CIOs and CISOs could devise a simple test for prospective employees that pulses if he/she poses a cyber threat to the business. And perhaps, a targeted training even before hiring would be in order. As controversial as this may sound, the potential damage from an insider – when compared to someone with a bad credit – may be far greater than anyone realizes.

Insider threats are an elusive and poorly understood risk to business. The classic organizational trifecta of people, process and technology will need to rapidly transform to deal with this threat. The good news is that firms can repurpose a number of capabilities, like predictive analytics and gaming tools. The better news is that humans have shown to quickly evolve and prevail. The ability to witness the next wave of tools and capabilities to meet the challenge sounds very exciting!

Read Also

New Defensive Measures against HACKERS Efficiencies

New Defensive Measures against HACKERS Efficiencies

Dawn Roth Lindell, CIO, Western Area Power Administration
Preventing Cyber-Attacks in Universities with Operational Collaboration

Preventing Cyber-Attacks in Universities with Operational Collaboration

Michael Corn, Deputy CIO & CISO, Brandeis University
Addressing Cyber Security Strategically

Addressing Cyber Security Strategically

David L Stevens, CIO, Maricopa County
Ever-Changing Cyber Security of Business Community

Ever-Changing Cyber Security of Business Community

Jim Sills, CIO/Cabinet Secretary, State of Delaware

Cyber Security Special

  • Integrity Security Services: Embedded IoT Security and Management
  • ProStar Solutions: New Age Cyber Security and Hosted Solutions

Featured Vendors

  • INTEGRITY Security Services: Embedded Iot Security and Management
    INTEGRITY Security Services: Embedded Iot Security and Management
  • 3i International: Ingenious Cyber Security Solutions
    3i International: Ingenious Cyber Security Solutions
  • Absolute: Self-healing Endpoint Security
    Absolute: Self-healing Endpoint Security
  • Axiad IDS: Preventing Cybersecurity Threats with Axiad ID Cloud
    Axiad IDS: Preventing Cybersecurity Threats with Axiad ID Cloud

Copyright © 2019 CIOApplications. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy |  Sitemap  |  Subscribe

follow on linkedin follow on twitter follow on rss
This content is copyright protected close

However, if you would like to share the information in this article, you may use the link below:

https://cyber-security.cioapplications.com/cioviewpoint/inside-or-outside-where-s-the-bigger-threat-nid-276.html