Zero Trust Framework – Mitigating Your Growing Insider Threat with Data Security

by Paul Knight | 5 min Read

Zero Trust Computing flips the script on insider threats

The 2020 IBM Data Breach report highlights the existential threat that insiders pose to enterprises handling sensitive data. Zero Trust counters insider threats by rethinking the data security model to secure all data and application assets in every state, at all times. This post examines the insider threat, how Zero Trust flips the script, and its growing importance to organisations entrusted with sensitive data.

Trust no-one… except the cybercriminal

IBM reports that the average enterprise cost of a cyber breach, at $3.86m, is slightly lower than in 2019, thanks to investment in automation and perimeter protection. Yet the impact of internal breaches is growing. Data breaches from stolen or compromised credentials cost businesses almost a million dollars more than the $3.86m average. Perimeter protection and automation are effective because cybercriminals can largely be trusted to behave in particular ways. It is insider data security risks that present the greater danger, with negligence, credential theft or cloud misconfigurations creating the headline-grabbing losses.

Any organisation can have an Edward Snowden

Cybersecurity and training can’t avert the threat from a mistake or an external influence, as shown by cases ranging from a recent attempt to bribe a Tesla employee into sharing confidential data to that of Edward Snowden. Snowden demonstrated the power of the insider threat by walking out of his job at a US NSA defence contractor carrying four laptops and the ability to make millions of secret records public. He could do this because, as in many organisations, these records had only operational protection against anyone, like Snowden, working within the NSA perimeter. He bypassed the external technical elements of protection and detection, so the breach was only detected when he went public.

Conspiracy or carelessness, the damage is the same

It doesn’t need an Edward Snowden-type conspiracy, just a moment of inattention such as succumbing to a spear-phishing attack, leaving a laptop unlocked or misconfiguring a cloud interface. The IBM report found that 63% of insider threats are caused by negligence. We trust our employees and partners to do the right thing, but we can’t legislate for individual mistakes.

Size (and scope) matters

IBM found that breaches of more than 50 million records cost $392m on average, 100 times the mean. Data sensitivity is a key factor in breach costs, with larger enterprises handling sensitive financial transactions, healthcare information, PII and digital IP particularly exposed. Another IBM report shows that the average insider breach recovery cost to a smaller company is $7m, a little more than half what it costs for larger companies in the finance, services or IT sector.

The Covid effect

Covid-19 has created its own security challenges, with one report citing a 400% increase in complaints to the FBI cyber division. 70% of organisations have reported that remote working increases the cost of a data breach. 76% say it increases the time to identify and contain a breach.

Zero Trust and Confidential Computing

Traditional environments rely on operational assurance that employees, partners and applications will not access data without specific authorisation and need. Growing insider breach costs and post-Covid challenges indicate this model is no longer adequate for larger enterprises handling sensitive data. Zero trust changes the insider threat landscape by flipping traditional security models. It replaces operational assurance with technical assurance that actors cannot physically access data and applications, at rest, in transit or in use, without specific justified need. A confidential computing environment delivers zero trust by providing a level of assurance of data integrity, data confidentiality, and code integrity, giving increased security guarantees for the execution of code and protection of data. The unauthorized entities it guards against encompass other applications on the host, the host operating system and hypervisor, system administrators, service providers, the infrastructure owner and anyone with physical access to the hardware. IBM z/series users have access to a confidential computing environment through IBM Hyper Protect Services, a flexible, Linux-based platform offering seamless hybrid cloud capability. Implementing a zero trust framework has the potential to enhance your protection and security while reducing both your current IT spend and your exposure to the potential cost of a breach.

What next?

Larger enterprises handling sensitive financial transactions, healthcare information, PII and digital IP face existential risks from internal data breaches. Zero trust secures sensitive data with a model where internal threat protection is built-in. For some organisations the level of exposure does not warrant change; for others, it may be anything from a simple evolution on their natural upgrade path to a badly-needed wholesale change. If you believe your level of exposure warrants a closer look at zero trust, and to see where you are on the evolutionary path, book a free assessment with us today.