Fraud Management & Cybercrime , Governance & Risk Management , Insider Threat

Tips on Preventing Insider Breaches

David Gibson of Varonis on Mistakes Organizations Make

To combat breaches involving insiders, organizations need to limit employees' access to data and more closely monitor access activity, says security expert David Gibson of Varonis.

See Also: Breaking Down Silos With a Holistic View of Security, Risk

A problem at many organizations is that when it comes to providing employees access to systems and networks, "anybody can get inside," Gibson says in a video interview at Information Security Media Group's recent Healthcare Security Summit in New York.

A study earlier this year conducted by Ponemon Institute and sponsored by Varonis found that 62 percent of employees say they have access to far more data than they need to do their jobs, Gibson notes. On top of that, less than 30 percent of organizations say they have a "searchable record" of what their insiders are doing with that data, he adds.

That's akin to a bank where "anyone can go into the vault, and no one is watching what they're taking out - you've got a really big proposition for danger."

By prioritizing detection, "and making sure you're looking at what employees are doing with data, you can potentially catch a lot more [breaches], but you also have to make sure they only have access to what they need to have access for," he stresses.

In the interview, Gibson also discusses:

  • The different categories of insider threats that healthcare sector entities need to worry about;
  • Heightened consumer privacy concerns as more data is being collected via email, voice mail, GPS and camera surveillance;
  • Emerging cyber challenges involving the internet of things.

Gibson, CISSP, is vice president of strategy and market development at Varonis. He has more than 15 years of IT industry experience. Since joining Varonis in 2006, he has held positions of sales engineer, sales engineer manager, director of technical marketing and vice president of marketing. Prior to Varonis, Gibson was a New York-based systems engineer for Tripwire and worked as a network management and security engineer at International Integrated Solutions Ltd.

About the Author

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 37 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.