It’s somewhat alarming to discover that 55% of all data breaches in 2014 came not from hackers but from insiders – with the most affected industries being public, healthcare and financial services according to a 2015 Data Breach Investigations Report.
This latest report conducted by Verizon with contributions from 70 organisations around the world has found that an employee will be a company’s biggest threat. But despite this worrying statistic, internal data security is rarely given the importance it deserves.
Large companies often lose track of the internal permissions structure – leaving highly sensitive data susceptible to unwarranted internal access. This often results in financial penalties, legal problems or data theft.
Traditional approaches are no longer sufficient to manage users and their access rights. Only if you know who has access to which data, across your organisation, can you defend your sensitive information against unauthorised access and shield your business from malicious threats and information security risk.
A closer inspection of authorisation structures often reveals over privileged users and other discrepancies which can lead to serious insider fraud. Proactive security measures are therefore needed to limit access strictly on a need-to-know basis.
This not only nurtures accountability and awareness, but also contributes to significant cost and time savings.
A Data Access control review from Inspired provides any size of organisation with a single pane view of who has access to what data, across the organisation and for all users, to enable data owners to make informed decisions as to who ‘should’ have access to what information.
The review can be provided ‘as a Service’ to regularly audit data access controls, or as a solution to enable on going data governance controls.
By providing companies with a simple, single pane view of all permissions – across all systems and locations – it will leave no threat undiscovered. All changes to user rights and group memberships are documented and auditable. Furthermore, anomalies can be quickly spotted to avoid employees having any unauthorised access to confidential and sensitive company data.
Using traditional measures, an IT team will take many weeks to analyse data access controls for compliance, audit and regulation. Inspired’s Data Access Control services provide immediate answers to demonstrate to senior management that proactive data security controls are being maintained.
For organisations with sensitive or large amounts of unstructured data, or for those using Active Directory or are subject to compliance requirements, a Data Access Control service represents one of the best ways to efficiently mitigate against insider threats.
Time and again companies are caught off-guard by inappropriate access rights. With individuals abusing the access they have been entrusted with by their organisation in virtually every industry whether it’s for financial gain or simply convenience, isn’t it about time you addressed the data breaches originating inside your company walls?
0 Comments
Leave A Comment