IT Brief Australia logo
Technology news for Australia's largest enterprises
Story image

Why businesses need a strategy to combat the enemy within – Ping Identity

By Contributor
Wed 18 Sep 2019
FYI, this story is more than a year old

Article by Ping Identity APAC chief technology officer Mark Perry

Worried about the prospect of your organisation falling victim to a hacking attack or data breach?

A seemingly continuous stream of attacks on local organisations has put Australian enterprises of all stripes on high alert – and with good reason.

Not only is the threat of cyber-compromise or attack real and rising, the cost of responding to and recovering from an incident has never been higher.

Along with the bills for remediation, repair and legal advice, it includes the loss of productivity if operations are knocked out of action, as well as the dent to reputation that can result from negative publicity.

A publicly-listed property valuation firm in Australia experienced two significant data breaches earlier this year, resulting in the loss of major customers, the departure of a CEO and a bill of at least $7 million.

But while strengthening your organisation’s external defences with the latest tools and technologies makes sound sense, it’s only half a battle plan.

Insider attacks, by individuals who have at some point been granted access to systems and data, can be as much of a risk as attacks from outside an organisation – and sometimes harder to detect.

Research suggests they account for more than a third of attacks, and current and former employees, business partners and contractors all represent potential vulnerabilities.

The issue is exacerbated by the fact that digital transformation has opened many organisations up in unprecedented ways.

Sensitive information that was once kept under lock and key in the corporate data center is now accessed and exploited across the enterprise, by companies keen to gain a competitive advantage.

Given this, developing a program to mitigate insider threats is an imperative for organisations across Australia and New Zealand.

So, what steps are needed to put one in place?

Create a key stakeholder group

While cybersecurity has traditionally been the remit of the ICT department, mitigating insider threats isn’t a job for a single person or business unit.

The most successful insider threat programs are multi-disciplinary efforts which pull together teams comprising security and risk specialists, human resources professionals and legal experts.

Together, they can provide all the pieces of the puzzle.

Security professionals are au fait with the organisation’s sensitive data, know where it’s stored and are familiar with the myriad ways insiders can abuse their privileges.

HR departments are responsible for the human element: ensuring employees are clear about their responsibilities and managing the disciplinary process, should a violation be detected.

Legal departments have a less hands-on role to play but their input is vital in determining the thresholds for malicious intent and the consequences of actions.

Modelling the dangers

Mitigating insider threats begins with identifying those threats that are of greatest concern.

The size and nature of your enterprise will determine what these are likely to be.

For some businesses, it may be the theft of sales data while for others, it could be the loss of intellectual property.

Ranking the risks you face, in terms of seriousness and likelihood, allows you to develop commensurate prevention and response plans.

Developing a critical watch list

Once key threats have been documented, it makes sense to develop a ‘watchlist’ of teams and departments, which have the most opportunity to misuse data and compromise critical systems.

For example, sales, finance and executive leadership teams typically have access to customer lists, financial performance data and intellectual property.

Meanwhile, IT professionals have the opportunity to pull off the ultimate insider heist, given their intimate knowledge of security processes and procedures.

Other potential bad actors include customer service agents, privileged third parties— including contractors and partner organisations—and software developers who have the opportunity to build vulnerabilities into new systems from the outset.

Develop technology-supported processes to reduce the risk

When it comes to cybersecurity, there are no infallible measures.

Hence, the focus should be on putting controls and processes in place to mitigate key risks. Ways to do so include:

  • filtering potential perpetrators by conducting pre-employment checks;
  • putting confidentiality and code of conduct agreements in place;
  • reiterating policies and practices in regular training sessions;
  • deploying technologies that can prevent, detect and mitigate insider threats quickly, like multi-factor authentication;
  • reviewing employees’ data usage patterns prior to their departure, whether voluntary or involuntary, to ensure valuable corporate data isn’t leaving the premises with them.
Time to act

In today’s digital business landscape, cybersecurity is too important to leave to chance.

For enterprises that value their data, reputations and financial viability, it is essential to put systems in place to identify and mitigate both inside and outside threats.

Related stories
Top stories
Story image
Bridgestone Australia uses Dematic's AGVs to optimise warehouse operations
Bridgestone Australia has deployed Dematic's Automated Guided Vehicle solution across its new Melbourne warehouse in Truganina.
Story image
Marketplacer and Adobe accelerate partnership for enhanced commerce solutions
Marketplacer has accelerated its partnership with Adobe in order to further enhance the global commerce marketplace.
Story image
Rubber Monkey gears up for Aussie market with latest capital raise
Rubber Monkey is seeking to raise up to NZ$2.5 million of new capital through online investment platform, Snowball Effect.
Story image
ABI Research
NaaS market expected to reach $150B by 2030 - research
"The market is immature and fragmented, but telco market revenue will exceed US$75 billion by 2030 if they act now and transform to align with requirements."
Story image
What brands can expect from Amazon Prime Day in Australia
Amazon Prime Day is the annual two-day shopping event, kicking off this year from July 12-13 and is the global online shopping platform's biggest sales event. 
Story image
Artificial Intelligence
Salesforce announces new innovations for financial services
Salesforce has launched expanded financial services that offer more targeted and trusted automation to help teams unlock insights, deliver better customer service, and drive operational efficiencies.
Story image
Examining the future of ransomware threats with Vectra’s CTO
As customers' valuable data move to the cloud, so will ransomware. What is the current landscape and what do we need to know?
Story image
Video: 10 Minute IT Jams - An update from Paessler
Sebastian Krüger joins us today to discuss how unified infrastructure monitoring enables MSPs to seamlessly deliver services to their clients.
WSLHD and PwC’s Consulting Business came together to solve through the challenges of COVID-19. A model of care was developed to the NSW Health Agency for Clinical Innovation guidelines with new technology platforms and an entirely new workforce.
Link image
Story image
Artificial Intelligence
Eight top DevSecOps trends to support IT innovation in 2022
The use of DevSecOps practices is growing, as it is increasingly seen as the best way to produce high-quality and secure code. So what are the current trends?
Story image
How organisations can mitigate IoT and IIoT security risks
IoT and IIoT come with inherent risks because they are often deployed faster than they can be secured, putting organisations in danger of cyber threats. Here are tips on how to mitigate those risks.
Digital Transformation
Discover the 5 signs your business is ready for a cloud-based ERP. Is your business being left behind as more of your competitors switch to the cloud?
Link image
Story image
Document Management
NZ's FileInvite raises $10M in latest investment round
FileInvite has raised $10 million in Series A investment to fast-forward the extinction of email for requesting and collecting documents online.
Story image
The next stage for 5G in thermal materials - IDTechEx
IDTechEx says higher frequency deployments, such as mmWave devices and very different station types such as small cells, present their own technological evolution and, with it, thermal challenges. 
Story image
Four things wholesale distributors need to consider for FY2023
In a post-pandemic world, there are many things for a distribution business to juggle. ERP solutions company Wiise narrows down what companies should focus on.
Story image
SentinelOne integrates with Torq to empower security teams
"With Torq, security teams can extend the power of SentinelOne to systems across the organisation to benefit from a proactive security posture.”
Story image
Four factors to consider when choosing the right job accounting solution
Progressive job-based businesses can achieve success by strengthening their ability to quantify every cost attributable to the delivery of an outcome for a customer.
Story image
ASI Solutions
Western Australia CUA panel picks ASI as preferred supplier
Western Australia's Common User Arrangement (CUA) panel has chosen ASI Solutions as a preferred supplier for device hardware.
Story image
Multi Cloud
Cloud is a tool, not a destination
For many years, “cloud” has been thought of as a destination which has led to a misguided strategy that sees an enterprise trying to shift all its applications to a single cloud provider – regardless of the specific needs and nuances of each individual workload.
Story image
Without trust, your security team is dead in the water
The rise of cyberattacks has increased the need for sound security that works across any type of business, but with any change, buy-in is essential. Airwallex explains why.
Discover the 5 ways your ERP may be letting you down. Is your current system outdated, difficult to manage, and costing you a fortune?
Link image
Story image
Supply chain
Supply chains continue to be disrupted, enterprises embrace circular economy
“Businesses urgently need to find a solution that can help them to manage this disruption, and transition to a circular economy."
Story image
BT builds on Equinix partnership with new cloud offering
BT has launched a next-generation cloud connectivity offering extending its global network into strategic carrier-neutral facilities (CNFs) and building on its existing partnership with Equinix.
Story image
How Airwallex helps businesses achieve globalisation success
As markets continue to shift, businesses need to be able to provide the same quality of service for customers regardless of where they are located around the world.
Story image
Security Information and Event Management (SIEM)
LogRhythm updates SIEM Platform with latest innovations
LogRhythm has announced the launch of version 7.9 of the LogRhythm SIEM Platform and updates to LogRhythm NDR and LogRhythm UEBA.
Story image
Enterprise Resource Planning / ERP
Five ways your ERP is letting you down and why it's time for a change
Wiise explains while moving to a new system may seem daunting, the truth is that legacy systems could be holding your business back.
Story image
Australian consumers loyal to retailers who deliver speed and visibility
SOTI finds extensive order visibility and speed are the most important factors for turning one-off customers into loyal, long-term buyers.
Story image
Artificial Intelligence
Vectra AI named as AWS security competency partner
Threat detection and response company Vectra AI has announced that it has become an Amazon Web Services Security Competency Partner.
Story image
Monitors are an excellent incentive for getting employees back
The pandemic has taught us that hybrid working is a lot easier than we would’ve thought, so how can the office be made to feel as comfortable as home? The answer could be staring you in the face right now.
Project management
Discover the 4 crucial factors for choosing the right job-costing solution. Is your team struggling to cost jobs and keep projects running on budget?
Link image
Story image
Data Protection
Five signs your business is ready to move to the cloud
Many organisations are thinking about moving to the cloud. But what are the signs you are ready, and what are the reasons to move?
Story image
Businesses unprepared to defend against ransomware attacks
Ransomware attacks continue to impact organisations worldwide with high costs, but businesses are still largely unprepared.
Story image
Your tools, your choice: why allow employees to choose their own devices?
Jamf Australia says giving your team the freedom to work with their digital device of choice could help to attract and retain top talent in a tight labour market.
Story image
How New South Wales state departments achieved cloud migration success
State departments in New South Wales are heading to the cloud to achieve better workflow solutions, and one company is paving the way for their success.
Story image
Jamf introduces new content filtering solution for education providers
Jamf has announced the launch of Jamf Safe Internet, a new offering that looks to deliver a safe online experience to students while offering better management options for admins.
Story image
Tech and data’s role in the changing face of compliance
Accenture's study found that 93% of respondents agree or strongly agree new technologies such as AI and cloud make compliance easier.
Story image
Honeywell named Frankston facility services provider
Honeywell has been named the joint facility services provider for Frankston Hospital’s AU$1.1 billion redevelopment.
Story image
Industry-first comprehensive risk-based API security enhances protection
Application Programming Interfaces (APIs) have become a crucial part of operating web and mobile application businesses and are causing significant economic growth in the digital sector.
Story image
How the metaverse will change the future of the supply chain
The metaverse is set to significantly change the way we live and work, so what problems can it solve in supply chain management?
Supply chain
Discover the 4 critical priorities for wholesale distribution businesses in FY23. Are you worried about how supply chain issues may affect your business in 2023?
Link image
Story image
NEC expands Open RAN ecosystem with Aspire Tech acquisition
With its agreement to acquire Aspire Technology, NEC Corporation has further increased its capacity to deliver End-to-End Open RAN ecosystems.
Story image
Ericsson and Ciena, Telstra enhance service capacity for Telstra's optical network
Ericsson, Telstra, and Ciena have announced new enhancements to Telstra's Next Generation Optical Network, which will increase the service capacity of Telstra's optical network to 400 GE (Gigabit per Second Ethernet).
PwC's Consulting Business and PwC's Indigenous Consulting are proud to play an important role in helping Australian Indigenous Mentoring Experience build IMAGI-NATION, a free online university for marginalised communities around the world.
Link image
Story image
Artificial Intelligence
Accenture shares the benefits of supply chain visibility
It's clear that gaining better visibility into the supply chain will help organisations avoid excess costs, inefficiencies, and complexity to ultimately improve their bottom line.