What’s the real cost of a data breach or record loss? According to the “2016 Cost of Data Breach Study” conducted by the Ponemon Institute, the cost of a single record came with a $158 price tag, while the average total cost of a full data breach was just over $4 million. Even more worrisome: The biggest security risk isn’t coming from outside your organization but from within your walls — accidental and malicious insiders cause more damage than even the most determined hackers.
Bottom line? To generate IT business value it’s not enough to “secure” the perimeter and mitigate breaches after the fact, but instead proactively prevent data loss before it occurs. Here’s how.
Part of the Problem?
As noted by Channelnomics, a recent survey of almost 197 IT professionals found that end-users posed the largest threat to network security. Sixty-nine percent of respondents said their end-users lacked understanding of security issues while 57 percent noted that they consistently fought back against security policies and existing IT solutions. The result? Burgeoning “shadow IT” departments propped up by the increasingly powerful mobile movement — in effect, users have almost unlimited access to the cloud-based service of their choice regardless of what IT departments allow or forbid.
And while improved employee training can help limit the risk of data breaches and minimize the damage of network intrusions, IT pros have historically been handicapped from taking more substantial steps since at the end user level they’re stuck approximating behavior and attempting to predict likely attack vectors; in effect, admins lack hard data to make effective security decisions.
Finding a Solution
Addressing this issue means finding a way to observe and analyze employee behavior without requiring them to self-report and without driving a wedge between IT and front-line staff by treating them as technological jetsam rather than collaborative partners. One solution is the emerging discipline of end-user IT analytics — rather than examining your IT infrastructure from the top down to predict the behavior of front line staff, end-user platforms provide real time insight about how users interact with existing technology and any problems they encounter.
Consider an example – an application crash. During the course of a typical week, companies experience hundreds if not thousands of application crashes – for example, in a typical small enterprise, users on average see Internet Explorer crash 250 times per week while Office 2013 crashes almost 150 times. Hard data provided by end-user analytics lets IT admins discover root causes for application crashes and in turn deliver corporate-wide fixes. But this is just the beginning: Apply this same data to shadow IT and suddenly IT departments have the inside track on insider threats. If IT discovers a non-approved third-party app is continually crashing for multiple users, it’s possible to tie that data to reduced network performance and isolate security risk before it reaches local stacks. What’s more, access to user behavior patterns lets security experts create a baseline of “normal” device interaction – if actions outside set parameters suddenly ramp up, an attack may be imminent.
End users create risk for IT environments, and perimeter security simply can’t keep up. Driving down the cost of data breaches demands proactive insight, and it starts with better end-user visibility.