There are countless reasons why a cyber breach might take place and break through a company’s existing defences. A weak firewall, poor passwords, and phishing scams are usually pinned as the reason. However, there is one area that is equally as critical and yet often overlooked: insider threat.
Insider threat is now looking worse than ever before, with an estimated 90% of tech crimes being committed by employees. Most data breaches are simply about access and opportunity. 75% of employees say that they have access to data they shouldn’t, and 25% of employees are willing to sell data to a competitor for less than $8,000.
So it is clear that a strong solution is needed and that we need it now. A large-scale culture shift may be the only way to truly combat insider threats. Everyone in the organisation needs to be made to feel that cyber security is their own responsibility – from the CEO to the worker on the shop floor. But without the right tools and information, there’s no clear path for companies to choose.
Implementing a solution to analyse the employees that are most likely to become threats in terms of access rights is a step in the right direction. For example, idax looks at what your staff have access to and tells you which of those access rights are unusual compared to the rest of the organisation and their peers.
However, you can throw all the analytics as you want at a solution like this, but if people aren’t engaging and using the results to make good, informed decisions, there’s really no point at all.
This is one of the reasons why the user experience (UX) and the user interface (UI) are one of the most important factors to consider when encouraging people to engage with the solution. A strong UI is not there just to look nice and be aesthetically pleasing. The UI of your identity analytics platform is a critical component for getting people engaged with security.
Traditionally, anything security-related has been taken care of by a specialist team – whether that is an IT team or a security team. In theses cases, it doesn’t matter what the UI looks like, or if anyone else other than the security team could understand and use it, as they would be the only people within the whole organisation engaging with it.
More and more organisations now are moving away from having just the security team deal with all things security, and are instead putting line managers in charge of access rights. This often involves the line manager having to deal with a highly complicated, confusing spreadsheet of access details, with no context or explanation about what in the list refers to what data, and what files are required for a role.
Idax looks at battling just this with the launch of our new version 3 update. By prioritising the user experience with an intuitive, state-of-the-art UI, we are encouraging companies to put the user experience at the forefront of cyber security and start their journey towards a safer and wholey trusted environment.
Ultimately, organisations will move towards a fundamentally different culture of security. Each and every employee will be given the responsibility of self-certifying their own access rights, using an engaging UI that everyone can use.
In the long run, idax is helping companies become part of the security revolution that will soon be upon us. Getting everyone in a company to self-certificate their own access rights – with oversight and ultimate approval from line managers – will ultimately eliminate any internal threat whatsoever. However, this will take time. Creating a UI that line managers already intuitively know how to use, just from the way it looks, is the first step in kick-starting the culture change towards internal security.