Apac
  • Home
  • CXO Insights
  • CIO Speaks
  • Partner Conferences
  • Newsletter
  • Subscribe
  • News
  • About us
Apac
  • Agile

    Artificial Intelligence

    Augmented Reality

    Big Data

    Blockchain

    Cloud

    Cyber Security

    DevOps

    Digital Technology

    Enterprise Security

    HPC

    Internet of Things

    IT Services

    Mobility

    Networking

    Open Source

    POS

    QA and Testing

    Robotics

    SaaS Solutions

    Security

    Simulation

    Smart City

    Startup

    Storage

    Unified Communication

    Virtualization

    Web Development

    Wireless

  • Automotive

    Aviation and Aerospace

    Banking

    Compliance

    Construction

    Contact Center

    E-Commerce

    Education

    Energy

    Engineering

    Field Service

    FinTech

    Gov and Public

    Healthcare

    Insurance

    Legal

    Logistics

    Manufacturing

    Media and Entertainment

    Metals and Mining

    Pharma and Life Science

    Retail

    Sports

    Telecom

    Travel and Hospitality

    Utilities

  • Amazon

    CISCO

    Dynamics 365

    Google

    HP

    IBM

    Intel

    Microsoft

    Microsoft Azure

    Oracle

    Red Hat

    Salesforce

    SAP

    Share Point

    VMware

  • Business Intelligence

    Business Process Management

    CEM

    Cognitive

    Collaboration

    Corporate Finance

    CRM

    Data Center

    Disaster Recovery

    Document Management Systems

    Enterprise Architecture

    Enterprise Asset Management

    Enterprise Performance Management

    ERP

    Fleet Management

    Gamification

    Geographical Information System

    HR Technology

    IT Service Management

    Managed Services

    Payments

    PLM

    Procurement

    Project Management

    Risk Management

    Sales and Marketing

    Workflow

Menu
    • Cyber Security
    • Amazon
    • Banking
    • Blockchain
    • CISCO
    • Cognitive
    • Compliance
    • Contact Center
    • DevOps
    • E-Commerce
    • Field Service
    • Gov and Public
    • Healthcare
    • HR Technology
    • IoT
    • Managed Services
    • Manufacturing
    • Metals and Mining
    • Microsoft
    • Oracle
    • Pharma and Life Science
    • Retail
    More
    Contact Center DevOps E-Commerce Field Service Gov and Public Healthcare HR Technology IoT Managed Services Manufacturing Metals and Mining Microsoft Oracle Pharma and Life Science Retail
    ×

    Subscribe to our Newsletter

    news
    news

    Join our mailing list for the latest articles, news, and exclusive insights from prominent technology leaders

    loading
    SUBSCRIBE

    Thank You for subscribing with us. We sent you an email regarding this.

    news

    • Home
    • Cyber Security
    Editor's Pick (1 - 4 of 8)
    left
    Leadership Framework for Building Elite Teams

    Douglas Duncan, CIO, Columbia Insurance Group

    Four Cybersecurity Weak Spots You Should Care About When Others Don't

    Marc Probst, CIO & VP, Intermountain Healthcare

    Secure Text Messaging in an Academic Medical Center - Experience and Lessons

    Kari Cassel, SVP & CIO, UF Health

    Top 3 Challenges Growing Businesses Face and How the Cloud Can Help

    Ken Shulman, CIO & CTO, Broadview Networks

    Cloud Security Grows Up

    Kevin Winter, VP & CIO, Booz Allen Hamilton

    Neil Jarvis, CIO, Fujitsu America, Inc

    Moving towards an Intelligent, networked and boundary less world

    Rajeev Batra, CIO, MTS India

    Human behaviour the weak link in cyber defence

    James Forbes-May, VP, Asia-Pacific, Barracuda Networks

    right

    It's Time to Turn Security Inside Out

    By Gilad Raz, CIO, Varonis

    Tweet
    content-image

    Gilad Raz, CIO, Varonis

    When 100,000 U.S. taxpayers were the victims of identity theft at the IRS earlier this year, it seemed like just the latest in a long line of cases that constantly remind us: everyone’s at risk. But there was something unique about this particular episode—it prompted business leaders to rethink their security priorities.

    IRS Commissioner John Koskinen actually told The Wall Street Journal that what happened to them specifically was “not a hack or a data breach.” Why? Because the IRS security systems weren’t actually compromised. “These are imposters pretending to be someone,” he said.

    This draws a startling parallel to Edward Snowden, the famous NSA contractor who leaked classified information in 2013. While Snowden had the authority and clearance to access all of the classified documents that he ended up exploiting (which was far more access than he needed to do his job), no one inside the NSA was tracking Snowden’s digital footsteps. No one was looking at what he was opening and exploring. How could the country’s leading surveillance organization not be tracking the activity of its own people surrounding these sensitive files?

    “Unstructured data is the data we have the most of, and know the least about”

    Perhaps most surprising is the fact that this same pattern is not uncommon, and–despite all the hype around Snowden–it remains a massive issue in every industry.

    Gartner refers to unstructured data (our emails, word documents, spreadsheets, presentations, etc.), as “dark data” because, let’s face it, when it comes to what’s going on with these files, most organizations are clueless. And so much of data contains sensitive information, like social security numbers, credit cards numbers, personal health information, financial records, or confidential forecasts and roadmaps. Unstructured data is the data we have the most of, and know the least about.

    It would seem that protecting these assets where they live would be given. But unfortunately, our culture of convenience and rapid innovation has led us all down a path that has spurred exponential creation, duplication, and sharing of business data while leaving it virtually unmonitored and poorly secured. According to IDC, the world’s data is expected to grow by 50x over the next decade, and 90 percent of that new data will be unstructured business data. And, according to Forrester Research, many of the highest-profile breaches have involved compromised identities of individuals authorized to access some part of an organization’s computing environment.

    One of our light-bulb moments happened when we were approached by a large military organization where a trusted insider stole and sold hundreds of thousands of files without anyone noticing. The organization had invested tens of millions of dollars in every security technology you can think of and had dozens of people managing access to data, but it wasn’t enough.

    This employee had access to the same sensitive files as their supervisor, 90 percent of which were not relevant to their job. Even after the organization realized there was a breach, they couldn’t respond effectively because they didn’t know the scope of the damage. They couldn’t even figure out what files were taken after the fact.

    If we had effective walls up to protect these files from getting stolen or leaving our networks, much of this wouldn’t matter. But let’s be honest: there is no security perimeter anymore. Cyber criminals are getting good, excellent even, at their jobs.

    If a hacker or rogue employee wants something, they can get it. And exploit it. All they need is access to a few (maybe even one) employee accounts, and it’s entirely possible that no one will notice they are accessing, modif or copying information once they are inside. And the wrong person merely seeing certain information they shouldn’t, can be a compromise. Nothing needs to be infiltrated but one’s memory.

    We need to turn security inside out. For years, the C-suite has been asking the security team to focus on sealing the borders and identifying the criminals. But why invest disproportionately in the perimeter when there’s no certainty that the threats are outside and the assets are inside at this point?

    The reality of insider threats (malicious, unintended, or caused by co-opted identities) is a major factor driving new approaches to user behaviour analytics (UBA). Organizations can now use constantly collected metadata to monitor risky user behaviour, unusual patterns of data access and other signs of risk from their employee populations as well as vendors, customers and other third parties with access to their networks. Alerts can be customized and automated. Turning security inside out means recognizing that users are often the weak link in the chain.

    Juniper Research recently predicted that breaches will cost the US $2.1 trillion by 2019. When will this be a big enough business problem to convince enterprises to flip their perspective?

    Varonis Systems (NASDAQ: VRNS) is an American software company which also has operations in Singapore. Founded in 2004, the company employs over 1000 people worldwide with a turnover of $164.5 million.

    Read Also

    Leadership Framework for Building Elite Teams

    Leadership Framework for Building Elite Teams

    Four Cybersecurity Weak Spots You Should Care About When Others Don't

    Four Cybersecurity Weak Spots You Should Care About When Others Don't

    Cloud Security Grows Up

    Cloud Security Grows Up

    Top 3 Challenges Growing Businesses Face and How the Cloud Can Help

    Top 3 Challenges Growing Businesses Face and How the Cloud Can Help

    25 Hottest Cyber Security Companies - 2018

    25 Hottest Cyber Security Companies - 2018

    Top 25 Cyber Security Technology Companies 2017

    Top 25 Cyber Security Technology Companies 2017

    Featured Vendors

    I-Sprint Innovations

    Dutch Ng, CEO

    HP

    Richard Bailey, President - Asia Pacific & Japan (APJ)

    Cyber Security Special

    Copyright © 2019 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy  |  Sitemap

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://cyber-security.apacciooutlook.com/ciospeaks/it-s-time-to-turn-security-inside-out-nwid-4170.html?utm_source=google&utm_campaign=apacciooutlook_topslider