A large part of the increasing risk to businesses comes from within. Insider threats have increased both in frequency and cost over the last two years. Credential theft, for instance, has almost doubled since 2020. The total annual average cost of insider threats across the world is pegged at $15.4 million; of this, $4.1 million is due to malicious insiders.
Despite the growing number of insider cases (67% of organizations globally say they experience around 40 incidents per year) and the cost arising out of it, it takes an average of 85 days to contain the incident as investigation takes longer. And only 12% of organizations are able to contain an incident within 30 days.
With organizations having to bear the cost of insider threats, and the time taken to investigate these cases increasing, businesses need digital forensics tools to speed up investigations. Despite this pressing need, 52% of organizations in India say they do not have a dedicated investigation function within the organization, while half of them feel their existing investigation structure is ineffective. This is because only a few organizations (33%) in India have in-house technology support to conduct an end-to-end investigation and review of cases.
We recently interacted with Shashidhar Angadi, Co-founder & CTO, Exterro. He shared his views on how rising insider threats call for businesses to adopt digital forensics solutions.
Read on to know more!
Introduction.
Exterro empowers the world’s largest organisations, law firms and Government agencies to proactively and defensibly manage their Legal Governance, Risk and Compliance (Legal GRC) requirements. Exterro automates the complex interconnections of legal operations, digital forensics, data privacy and cybersecurity compliance. Thousands of legal teams, IT leaders and investigators around the world use our integrated Legal GRC platform to manage their risks and drive successful outcomes at a lower cost. Exterro helps companies deal with myriad duties related to e-discovery, internal investigations, data subject requests, incident and breach notifications, defensible data retention with seamless orchestrating workflows among other functions in the legal GRC space.
Why are insider threats (both intentional and unintentional ones) growing in India?
India has been one of the faster growing economies in the world. Despite the impact of COVID-19 on economies spanning the globe, India is growing at a much faster rate than the rest of the emerging economies. With a large population of tech-savvy youth and the big governmental push toward digitalization, India has seen exponential growth in digital data. The country has the highest mobile data consumption of 12GB per user per month and is estimated to have 780 million smartphone users. Additionally, the new work models like work from anywhere and bring your own device are relatively new to the Indian market and were only adopted after COVID-19.
This also means that data proliferation increased manifold swiftly over the last few years. And there exists a gap in efficient processes and maturity in managing issues like data security, privacy, and risk management among Indian organizations. Most have been slow in implementing policies and procedures in this regard and also training employees to adhere to them. One of the reasons for this could be that laws concerning data protection and privacy are still being formulated in India and businesses don’t know which direction they must go. However, organizations need to anticipate such legislation and prepare themselves as the government is in the process of drafting the PDPB to include the joint parliamentary committee’s recommendations. Yet, organizations have not invested in teams and technology solutions to help them identify and mitigate intentional and unintentional insider threats and protect data. The regulatory bodies on the other hand face challenges in shortage of resources, manpower and technology to enforce existing laws. The amalgamation of these factors is one of the reasons that insider threats continue to grow in India.
How has Covid-19 accelerated the transition to digital for the IT industry? What will be the new normal in the industry?
COVID-19 forced radical changes in the world, especially in the way people and businesses interact with each other. With the shift to remote and hybrid work models, the corporate network expanded beyond the perimeter of the office building. To enable this, companies adopted collaboration platforms like Zoom, Office 365, Google G-suite, etc. to conduct day-to-day operations. Businesses were also forced to serve their customers without contact and this increased tech adoption rapidly.
In this new normal, five challenges emerge, especially for the IT industry:
- An extremely distributed workforce – The industry needed to adapt to people working remotely rather than being present in the office premises. Remote working is not only a necessity but it has become a perk for employee retention. This is now the new normal and we see many tech companies implementing remote and hybrid work models.
- Remote access and security – With a distributed workforce, issues related to privilege access, security and monitoring are a top priority for CIOs and CISOs. Multi-factor authentication, single sign-on, DLP and zero trust network security are now crucial to running an organization safely and securely.
- High reliance on collaboration tools – Collaboration tools like Slack, Google G-suite, Microsoft Office 365 and communication tools like Zoom, and Google Meet among others are now being used as modes of communication within organizations.
- Increased cloud adoption – Organizations have been aggressively pursuing cloud adoption to ensure business continuity and ensure organizational growth. Organizations are expected to continue this trend owing to the speed, convenience and efficiency cloud adoption offers.
- IT asset management and data inventory – Companies will now have to start aggressively tracking IT asset management and be on top of their data inventory to protect themselves and their customer data.
What, as per you, are the five important things that Exterro should be looking at today?
Exterro’s end-to-end Legal GRC platform helps organizations effectively manage their data to eliminate risk while adhering to compliance norms. Looking ahead, five important avenues where Exterro can help organizations would be:
- Building an effective and smart data inventory.
- Having an accurate inventory of data related to all the systems and understanding who has what level of access is extremely important as businesses and customers go digital. As employees move across departments and leave organizations it is important for organizations to protect themselves from cyber security incidents and insider threats.
- Exterro’s technology can help organizations create a strong privacy framework and tie it to their data inventory and retention practices in line with global regulatory norms.
- Help organisations with internal investigations, electronic discovery and subject access requests at scale to reduce redundant, obsolete and trivial data. These techniques are cost-effective and mitigate risks.
- Leverage AI and ML to provide actionable intelligence to users on their data integration with SIEM tools and help organizations to quickly react to cyber threats using SOAR automation with endpoints.
How can digital forensic solutions help in-house investigations?
Today, most data is electronically stored and businesses rely on it heavily to run their operations. Employees use computers, mobile phones, and other digital devices to access information stored on hard disks, network shares, email systems and other content repositories both on their network and in the cloud. The data contained in these systems include critical business assets such as customer data, intellectual property, financial data etc. Such sensitive data is prone to threats both from within and external threat actors. Left unprotected, they can lead to data breaches.
Digital forensics helps collect data in a forensically sound manner that is mandated by governing laws and regulations, by courts and other regulatory bodies. It recreates bit by bit images of devices to ensure data integrity is preserved and ensures the integrity of the evidence. Digital forensics solutions help build collaboration between individuals and teams within the organization involving IT, Security, HR, legal and compliance to collect, analyse and produce relevant data. These solutions collate and analyse system files, log files, and user activity for in-house teams to assess the nature of the malicious activity and the damages incurred so they can be prevented in the future. A good digital forensics solution can be integrated with SIEM tools to mitigate threats using SOAR.
Why can digital forensics enable organizations to reduce risk brought on by insider threats?
Insider threats have increased to 40% over the past 2-3 years. A recent study revealed that 22% of them originated internally. The average cost of insider threats has also increased rapidly over the past couple of years averaging $13 million. Both intentional and unintentional insider threats continue to evolve. Cybercriminals have become more lucrative and are even incentivising employees to plant malware for ransomware attacks. Insider threats can be extremely expensive and disruptive for business continuity and they may go unnoticed for weeks and sometimes months. Once a breach occurs due to an insider threat, organizations have to react immediately. Data needs to be collected from various endpoints across the network and from remote locations and sometimes it needs to be covert. Once data is collected it requires analysis and actionable insights to determine the best solution for remediation.
Although digital forensics solutions can help investigate breaches, the real value lies in helping organizations become proactive in avoiding insider threats. They can be integrated with SIEM tools to create a SOAR, which is necessary to take preventive action, enabling organizations to shore up their defences. The data collected using digital forensics solutions on system files and transient memory can help the SIEM tools to trigger workflows automatically to reduce the risk of data breaches from occurring.
How can these solutions reduce risk brought on by outsourcing investigations?
The goal of any investigation is to obtain an unvarnished view of facts about any incident to get to the bottom of what went wrong. An internal investigation entails data preservation, collection, and review which can be quite expensive, complex and time consuming. Outsourcing internal investigations requires businesses to identify the right vendor that specializes in digital forensics and has the tools and resources to perform the tasks in a defensible manner. The outsourcing company needs to be educated about the company’s IT infrastructure and the devices that require data collection and analysis. Additionally, timely interviews with relevant people in the organization are extremely important as they can provide information and proper context to analyse the data. The outsourcing companies might need to take this data to their data centres to process it or in turn, send it to other third parties to complete the investigation. This poses a greater risk of data loss or data theft and may not always be forensically sound. Having an end-to-end digital forensic solution can help in-house teams get to the facts of the case faster and easier, while also ensuring cost effectiveness. Such solutions also mitigate risks of data movement, nonstandard and non-defensible approaches, and data spoilage.