Dark Web augments insider threat for organizations

Jul 21, 2017 | 0 comments

The Dark Web is a marketplace for sensitive insider knowledge

Through simply accessible applications, such as Tor, Freenet and I2P, disgruntled employees have the opportunity to move freely in the Dark Web and to get into direct contact with hackers, and pilfer their organization’s Intellectual Property from its internal systems.

This is confirmed by a recent article from the Computer Week. According to a report by RedOwl and IntSights, the number of insider contacts, who offer sensitive company data through the Dark Web for purchase have increased by almost 50 percent from 2015 to 2016. [1]

The threat from within is usually underestimated

In practice, this risk is being underestimated – especially for SAP data. According to a study conducted by PAC at the end of 2015, only 6% of the surveyed companies estimate their own employees as a “major threat”. [2] Another survey by Gartner also shows that thus far only 18 percent of companies surveyed have had a program to protect themselves against insider threats. [1]

This is how companies can protect themselves

In order to protect sensitive SAP data from insider attacks, it is not enough to rely on SAP on-board tools alone. These offer protection within the SAP system, but not for the files, such as Excel sheets, graphics in PowerPoint, or print documents, exported therefrom.

SECUDE provides intelligent solutions that control the export of data from SAP systems, minimizing the risk of insider attacks. They allow granular determination of access rights for data exports from SAP, the limitation of the export of particularly sensitive data as well as clear tracking of all data transactions.

SECUDE’s close partnership with Microsoft ensures that even common Office applications recognize and automatically apply security classifications for every file that is being shared. With SECUDE solutions, malicious insiders move in a clearly defined data space and have significantly fewer possibilities to duplicate individual data sections or files and pass them on to unauthorized persons.

You can find more information about the SECUDE solutions at http://secude.com/halocore.

References
[1] Article from Computer Week: https://www.computerwoche.de/a/die-insider-gefahr-aus-dem-dark-web,3330865

[2] Complete PAC study: http://secude.de/wp-content/uploads/2016/11/Secude_PAC_Research_Highlight_2.pdf