UNIVERSAL CITY, Calif. — Safeguarding sensitive information from insiders can be just as important as securing that info from those outside an organization — especially when using collaboration tools such as Office 365 and Microsoft Teams, according to LiveTiles and artificial intelligence-driven security solution provider Nucleus Cyber.
Therefore, it’s important to take basic steps to provision and secure your collaboration tools.
“The insider threat is one that a lot of people are concerned of” today, Steve Marsh, VP of product at Nucleus Cyber, said Dec. 4, during the Software and Watermarking breakout presentation “How to Secure Collaboration from Insider Threats” at the Content Protection Summit.
“The collaboration world that we live in, powered by cloud collaboration tools” by Microsoft and other companies has “made it even tougher for us to get an idea of who is sharing what, where [our] sensitive information [is] and how… we make sure people are using it in the right way,” Marsh told attendees.
He pointed to the “employee handbook we all signed when we joined our companies that said, ‘this is how I will handle intellectual property’ but then forgot all about.” However, organizations can actually take those policies now and “physically enforce them,” he said.
There are three decidedly different types of insider threats, even if all of them can cause damage to an organization. First, “there is the malicious person who’s about to steal all your intellectual property and go off to a competitor,” Marsh pointed out. There are also the “negligent” employees who “bend the rules slightly” and don’t think anything bad will come of it, he said. And then there’s the accidental kind of insider threats – such as the folks who print out a file and then misplace it, he noted.
What’s more, it’s often hard to tell when an incident has been caused intentionally, through negligence or accidentally, he said.
Marsh pointed to data from the 2019 Insider Threat Report by Cybersecurity Insiders, with support from Nucleus Cyber, that revealed 60% of organizations had experienced an insider attack in the past 12 months, while 70% disclosed that insider attacks had become more frequent.
The report underscored the real threat posed by trusted insiders. Although security and IT team attention are mainly focused on hackers, attacks from within are a significant threat to the entertainment industry as the BBC discovered with the leaked “Doctor Who” scripts that Marsh made note of.
“It’s very difficult to discern the damage” from at least some incidents, but “apparently preventing the damage” from a recent “Star Wars: The Rise of Skywalker” incident cost only “$85 on eBay to buy the script before it went out,” which was “incredibly lucky,” he said.
Marsh shared a few steps that media and entertainment organizations can take to protect their content from insider threats.
For one thing, he said it is preferable for organizations to be “proactive” before incidents happen rather than just “reactive” after an incident happens.
While some organizations might look to cut off all guest users from accessing their information systems, an option in between that and allowing all guests access is much more realistic, he pointed out.
Meanwhile, some organizations may opt to try a security initiative that only allows certain devices to access their information, but he said it’s “starting at the wrong perimeter” to focus on a device or app. “What we need to be thinking about is the data itself,” he said.
He added: “No one works in an office these days all the time. Everyone is moving. The data and the users are moving, so we have to be able to do this across all devices.” Banning certain devices and apps also seems destined for failure because employees these days “don’t like to be forced to work in a way they’re not used to,” he said, adding people are often “tech-savvy” today and “we go and find a different way to do it.”
Meanwhile, “you can really start to get very granular” in what you can control via enforcement rules today, he noted. For example, you can only allow certain employees to access certain files, he told attendees. Organizations can also look to lock down files if users are in an airport or hotel rather than their homes or offices, he pointed out.
Unique steps can also be taken with watermarks now, such as placing dynamic watermarks within files, he also said.
Rod Bray, innovation and experience lead at LiveTiles, also spoke briefly during the start of the presentation.
The Content Protection Summit was produced by MESA and CDSA, and was presented by SHIFT, with sponsorship by IBM Security, NAGRA, Convergent Risks, LiveTiles, Richey May Technology Solutions, EIDR, the Trusted Partner Network (TPN) and Darktrace.