SpectorSoft: Public Sector Data Breaches – From the Inside Out
Written by Gareth Fearn from SpectorSoft.
There is a misconception that public sector organisations are penalised far more severely for data breaches than their private sector counterparts. Whilst it is true that the public sector has paid a higher price, this is typically due to the nature of the data, rather than the breach itself.
The ICO can only impose penalties where a data breach could have serious implications for the individuals it relates to. So losing confidential patient records, for example, would clearly attract a far higher penalty than losing data containing customer product preferences. That’s why public sector organisations are consistently hit hard when the fines are levied. The data they hold is incredibly sensitive.
One of the largest threats to information security comes from inside. Unlike external hackers, employees and contractors already have privileged access to this sensitive data and that puts them firmly at the forefront when it comes to risk.
Another key difference is motive. Attacks from outside always have malicious intent. Whether the attacker seeks financial gain, acclaim or simply wishes to discredit the victim, the intent is there to cause damage from the outset. A minority of insiders also have malicious intent, but what about those who don’t – the majority, who strive to carry out their job to the best of their ability? What about those who simply make an error of judgement? We are all human and we all make mistakes. Does that mean that accidental breaches are less serious? Of course it doesn’t. The outcome is usually the same – damaged reputation and severe financial penalty.
Now, malicious intent can often be detected. Those who intentionally seek to cause damage will frequently display common traits. Accidents, however, are much harder to uncover. The perpetrator may not even be aware that they have done anything wrong, and it can be many months before a breach is discovered, if at all. Commonly, the first time an incident comes to light is shortly before it is reported by the press. By then, the maximum amount of damage has already been done.
Assuming that a breach is discovered, a complex and time-consuming investigation usually ensues. What exactly happened? When did it happen? How did it happen? Who was involved? Was it accidental or intentional? How can similar breaches be prevented in the future? Many questions need answering. This can involve weeks of trawling through logs, and often only part of the story is uncovered. The only thing left to do then is to pick up the pieces and attempt to prevent further damage.
By implementing a user activity monitoring and alerting solution, an organisation protects itself against such data breaches and insider threats. That’s not suggesting for one minute that every single action of every employee is scrutinised in microscopic detail; actually, it can mean the opposite. Rather, it means a system which monitors and records unobtrusively in the background, but automatically alerts management to any activity that could constitute a security risk, much like an intelligent CCTV system.
SpectorSoft’s SPECTOR 360 offers an easy-to-deploy, comprehensive solution for user activity monitoring. In addition to its automated alerting, flexible search and reporting features will quickly drill down to specific traffic, replay activity and more. Quickly investigate potential data breach incidents, see contextual evidence showing exactly what happened and where necessary take appropriate mitigating action to protect the organisation from harm.