The goal of Insider Threat Awareness Month (September) is to promote organizations to detect, deter, and mitigate insider threats by increasing awareness and promoting reporting. Insider threat awareness is about preventing the exploitation of authorized access to cause harm to an organization or its resources. This initiative is not to curtail protected free speech or suppress legitimate whistleblowing, but, rather, empowering organizations to understand the ways in which insider threats—even if unintentional—can bring harm to a business. Insider Threat Awareness Month aims to highlight and make the best practices for minimizing the occurrence of avoidable risks known industry-wide.
We heard from David Friend, co-founder and CEO of cloud storage company Wasabi, to hear more on the importance of backup and underutilized object-level immutability in protecting data against insider threats:
“I’ve seen many companies spend so much time and money on intrusion prevention and detection. But it’s a losing battle because vulnerabilities are not just technical – they depend on people never making a mistake. And that’s not likely to ever be the case. When you think about insider threats, you have potentially disaffected employees involved, or someone who has access to the administrative functions, or simply an instance of human error that detection solutions can’t always account for.
One underutilized way to protect your data against insider threats is through object-level immutability in your cloud storage, which means certain files and stored objects cannot be modified or deleted by anyone, even a systems administrator. If you store your backups in immutable buckets, ransomware hackers can’t delete or encrypt your backups. If you have done your backups properly, if you get attacked by ransomware, you should be able to start fresh and restore your entire system from backups. Ransomware hackers know that if you can restore your systems from backups, they are unlikely to be able to extort ransom from you. So they try to destroy backups at the same time they are encrypting your primary data.
No amount of high-tech prevention will stop ransomware attacks because most of the time the vulnerability is with the humans, not the machines. So my advice is to do the best you can on the prevention side, but more importantly do complete backups, store them in immutable object stores, and test that you can successfully do a full restore before you get hit.”