Lev Matveev, SearchInform: Information Security Officers to actively focus on protection against internal threats

Lev Matveev, Chairman of the Board of Directors at SearchInform, reveals major threats to businesses and offers solutions to counter them.

What major information security trends of 2024 would you like to point out?

I’d like to point out three major trends: an increase in the number of data leaks and incidents caused by employees; a severe lack of IS officers on the market; and, as a consequence, the growth of the MSS market and an increase in the popularity of IS outsourcing services.

You claimed that protection against internal threats is coming to the forefront. Why?

Let me reveal some statistics: 72% of companies in the UAE experienced data leaks caused by insiders’ actions. It’s a staggering number. Previously, businesses considered hackers and external malicious actors the major threat to business. However, now they are beginning to understand that internal threats related to insiders pose the biggest threats. Employees have legal access to the infrastructure and are aware of the internal threats. Unscrupulous employees’ actions can lead to irreparable damage, and it isn’t about data leaks only.

Hardly a week passes by without news of a new incident: in one company, somebody stole unique developments and sold them to market competitors; in another company, an employee of the procurement department received a USD 300,000 kickback; in a third company, the HR managers used to leak employees’ details; in a fourth company, employees of one branch hadn’t been coming to their workplace for weeks, and a single employee was present at the place and switched on PCs for the whole team.

We conducted research among companies that are customers of our Managed Security Services and found that 100% of companies detected serious IS incidents within the first month of using the service. These are data leaks, cases of corporate fraud, and systematic idleness, when employees spend 60% of their time on YouTube or social networks. All these incidents lead to direct financial losses for businesses.

All these cases are today’s scourge. Most companies are actively involved in digital processes. However, many forget that data on PCs should be protected as reliably as money and kept in a safe. Although it’s very unpleasant to admit, protection should be implemented even against one’s own employees.

Which state-of-the-art software ensures protection against such threats?

Ensuring protection against internal threats requires a complex approach and a few types of protective solutions.

The first one is the DLP class solution. This class of solutions ensures protection against data leaks and reveals cases of corporate fraud, theft and many others as well.

The solution tracks which data is sent via email, uploaded to cloud storage, and recorded to flash drives. The software tracks the transmission of documents in image formats and enables control of audio. Some systems even offer capabilities for ensuring control of employees’ productivity when working on corporate PCs. For example, they enable us to find out which websites employees visit, which programs they work in and how much time they spend on work-related activities.

The second class of solutions is DCAP class systems. These solutions classify and categorize data in storage, add appropriate labels to confidential files, ensure control of operations with sensitive data, and block dangerous kinds of activities with files.

Implementation of systems for automated employee profiling (detection of risk-group employees and negative tendencies in the team), SIEM systems (which process and correlate security events and respond to them), and DAM systems will enhance corporate protection.

What should companies protect against, how can they ensure protection, and why does the number of data leaks constantly increase?

I will point out three major reasons.

The first one is the lack of IS experts.

Protective software must be appropriately handled; it’s not an antivirus that works immediately upon implementation. If there are no experts available, companies don’t purchase software.

The second reason is the lack of budgets, especially among SMEs.

For such companies, it’s unbearable to purchase protective software and hardware and hire an onboard specialist. At the same time, it’s an inappropriate task: the amount of work for onboard IS officers in SMEs is often small, and experts simply don’t have work to do. The solution in this situation may be to delegate information security-related issues to Managed Security Service Providers. If the issues of information security and the lack of qualified specialists are relevant for readers, we’re glad to invite you to attend our SearchInform Road Show. This is a conference on information security, during which we’ll reveal how to ensure the protection of companies against internal threats. Participation in the conference is free; it will take place in Dubai and Abu Dhabi.

The third reason is the lack of regulation by government authorities.

However, the situation is changing. For example, in the UAE, regulators are developing acts aimed at enhancing corporate protection. What’s more, some regulations even prescribe the implementation of specific protective solutions. For example, the UAE Information Assurance Regulation, issued by the United Arab Emirates Telecommunications and Digital Regulatory Authority, prescribes the use of DLP as a data loss prevention means.

When it comes to choosing protective solutions, what major advice can you give to business owners and IS specialists?

My advice – don’t trust any vendor’s word. Implement a full-scale trial. If the trial is not free of charge, it should be considered suspicious, because leading vendors offer the first month’s trial for free. Load the system as much as possible and evaluate whether the system is really stable and efficient. I recommend focusing on the speed of the solution’s operation; whether the solution interrupts employees’ work processes or not (the advanced solutions offer a flexible approach); whether the solution offers detailed and precise analytics, etc. Pay attention to the technical support department employees’ speed of response and to whether the vendor offers free training courses on working with the software. Pay attention to the hardware requirements. All these factors will affect the price of owning and using the software.