By Mark Bloom of Sumo Logic

John Chambers, ex-CEO of Cisco, once said there are two types of companies: those that have been hacked and those that don’t yet know they have been hacked. Consider, for a moment, the following statistics:


Ray Barlow
(Photo courtesy of Ray Barlow)

Companies are finally coming to the conclusion that security vendors and their solutions are failing them. Despite the unbelievable growth in overall security spending, organizations are not any safer. And security attestations like PCI and HIPAA, while helping with compliance, are not equated with a stronger security posture.

Don’t believe it? Netflix recently indicated that the company was dumping its anti-virus solution. And because Netflix is a well-known innovator in the tech space, and the first major web firm to openly dump its anti-virus software, others are likely to follow.

Even the federal government is jumping into this security cesspool. In a recent U.S. appellate court decision, the Federal Trade Commission (FTC) was granted authority to regulate corporate cybersecurity. This was done because the market has failed and it was necessary for the government to intervene through public policy (i.e. regulation or legislation).

Research has indicated that security solutions are rarely successful in detecting newer, more advanced forms of malware, and scans of corporate environments reveal that most enterprises are already infected. A change in overall security strategy is needed as companies realize that adding more layers to their security infrastructure is not necessarily increasing their security posture. Instead of just bolting on more and more layers, companies are looking for better ways to tackle the problem.

While security has gotten better over the years, so too have the bad actors, whether they are cybercriminals, hacktivists or nation states. Malware-as-a-service has made this too easy and pervasive. The bad guys are going to find ways to penetrate any barrier put up, regardless of whether a company is running physical, virtual or cloud (PVC) infrastructures. So is all hope lost? Or is there a path to enlightenment by looking at this problem through a different lens?


The Insider Threat

According to recent industry research, cybercriminals continue to focus their efforts on what is widely considered to be the weakest link in the security chain: the user. Today’s cyber attacks are no longer targeting the infrastructure and so security needs to focus on the real risk, which is with the user. Understanding user behavior therefore becomes the key to defense.

And the ROI of this approach is huge, because the report – which analyzed user behavior across 10 million users, 1 billion files and 91,000 cloud applications – found that 75 percent of the security risk could be attributed to just 1 percent of the users. And almost 60 percent of the apps installed are directed by highly privileged users. Given these facts, and that cybercriminals always leverage these highly coveted, privileged user accounts during a data breach, understanding user behavior is critical to improving one’s security posture.

As more and more organizations deploy modern-day productivity tools like Microsoft 365, Google Apps and, not understanding what users are doing injects unnecessary and often unacceptable risk to the business.


What Can Business Do?

Leveraging activity-monitoring APIs across these applications, companies can monitor a number of activities that help in reducing overall risk. These include:

  • Visibility into user actions and behaviors
  • Understanding who is logging into the service and from where
  • Investigating changes made by administrators
  • Failed/valid login attempts
  • Identifying anomalous activity that might suggest compromised credentials or malicious insider activity
  • Tokens: information about 3rd party websites and applications that have been granted access to your systems

This emerging field of User Activity Monitoring (UAM) – applied to cloud productivity and collaboration applications like Microsoft 365, Google Apps and – can help to eliminate guesswork and assess the risk, in near-real time, of user activity. UAM (sometimes used interchangeably with user behavior analytics – UBA) employs modeling to establish what normal behavior looks like and identify anomalies, patterns and deviations that might require additional scrutiny.
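To make the baselining idea concrete, here is a small detection sketch added for illustration; it is not Sumo Logic's code or any vendor's API. The event tuples, action names and failure threshold are constructed assumptions standing in for what an activity-monitoring API might return.

```python
from collections import defaultdict

# Constructed sample events: (timestamp, user, action, country, success).
BASELINE = [
    ("2015-08-01T09:00", "alice", "login", "US", True),
    ("2015-08-02T09:05", "alice", "login", "US", True),
    ("2015-08-01T10:00", "bob", "login", "GB", True),
]
TODAY = [
    ("2015-08-04T03:00", "alice", "login", "RO", False),
    ("2015-08-04T03:01", "alice", "login", "RO", False),
    ("2015-08-04T03:02", "alice", "login", "RO", False),
    ("2015-08-04T03:03", "alice", "login", "RO", True),
    ("2015-08-04T03:05", "alice", "token_grant", "RO", True),
    ("2015-08-04T10:00", "bob", "login", "GB", False),
    ("2015-08-04T10:01", "bob", "login", "GB", True),
]
FAILURE_THRESHOLD = 3  # assumed value; tune to your environment


def known_countries(events):
    """Per-user set of countries seen in successful baseline logins."""
    seen = defaultdict(set)
    for _, user, action, country, ok in events:
        if action == "login" and ok:
            seen[user].add(country)
    return seen


def detect(events, baseline):
    """Return (timestamp, user, reason) alerts for deviations from baseline."""
    alerts, failures, flagged = [], defaultdict(int), set()
    for ts, user, action, country, ok in sorted(events):
        if action == "login" and not ok:
            failures[user] += 1  # count failures until the next success
            continue
        if action == "login":
            if country not in baseline.get(user, set()):
                alerts.append((ts, user, "login from new country " + country))
                flagged.add(user)
            if failures[user] >= FAILURE_THRESHOLD:
                alerts.append((ts, user, "success after repeated failures"))
                flagged.add(user)
            failures[user] = 0
        elif action in ("token_grant", "admin_change") and user in flagged:
            alerts.append((ts, user, action + " after anomalous login"))
    return alerts

print(detect(TODAY, known_countries(BASELINE)))
```

The single failed attempt by bob from his usual country stays below the threshold and raises nothing, while alice's sequence produces three alerts.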

This in turn helps today’s security and compliance teams to quickly identify areas of user risk – their Achilles’ Heel – before it brings them down. And if Chambers was right about two types of companies, those who have been hacked and those who don’t yet know they have been hacked, it is critical to put your best security foot forward.


Mark Bloom is the director of product marketing for compliance and security at Sumo Logic. Connect with Mark on LinkedIn or follow him on Twitter @bloom_mark.

The views, opinions and positions expressed within this guest post are those of the authors alone and do not represent those of Small Business Pulse. The accuracy, completeness and validity of any statements made within this article are verified solely by the authors.


