Data Breaches on Rise: Employee Access Leaves Companies Vulnerable

October 10, 2023

The IT industry is grappling for a solution to all of the above, and to help mitigate and stay ahead of any potential for a data breaches. Venkat Thummisi, Co-founder and CTO, of Inside Out Defense outlines Ten Important Issues IT teams need to consider when developing their data security posture. — The IT industry is grappling for a solution to help mitigate and stay ahead of any potential for data breaches. Venkat Thummisi, Co-founder and CTO, of Inside Out Defense outlines Ten Important Issues IT teams need to consider when developing their data security posture.

Guest Editorial by Venkat Thummisi, Co-founder and CTO, of Inside Out Defense

Just in time for Cybersecurity Awareness Month, the number one threat vector for data breaches needs a closer look: employee access to sensitive data.

IT departments are becoming increasingly aware of the #1 problem that puts their data at risk, but for which they may not have found a solution. Regardless of the industry sector – healthcare, manufacturing, financial services or transportation – employees interact with third-party vendors and cloud environments more than ever.

It makes it easier for them to do their jobs, but simultaneously, it expands the organization’s attack surface, leaving organizations completely vulnerable.

Just look at the recent data breach headlines involving major companies – casinos, hospitals, banks – no industry or organization is safe from employee data access issues.

(Medical giant HCA Healthcare, which operates 180 hospitals in the U.S. and Britain, reported the personally identifiable information (PII) of about 11 million patients in 20 states may have been stolen in a data breach. Courtesy of WPLG Local 10 and YouTube. Posted on July 11, 2023.)

As the industry continues to explode with new applications, AI technologies, cloud expansion, and companies embracing digital migration, there are several important issues IT teams need to consider when developing their data security posture.

They are as follows:

Onboarding systems are very static and work like a ledger. Active Directory/OKTA and others provide birthright privileges to every new user, but they do not account for access privileges added incrementally as the user starts working.
Onboarding systems do not have coverage across all the infrastructure and applications. They are limited by those systems and applications connected to them.
Access management systems don’t keep track of the number of inactive users who still hold credentials in the system. These inactive credentials are an easy target for external hackers and threat actors, who already know that no one is keeping track of the number of inactive users.
Given the lack of visibility across the organization, the residual footprint of users who have left the organization is a major challenge. Third-party users may still have hidden footprints inside the organization even though they are no longer associated with the business.
High-privileged users may not need all the access they have. They may have inherited access from former managers whose roles shifted during a merger, leading to them holding an over-privileged level of access they will never use.
IT managers don’t have complete visibility of all users. They have visibility when they probe for compliance regularly. But the period between those frequent checkups is the danger zone, as IT departments cannot know if a user is suddenly behaving irregularly, which could signal malicious intent.
Stolen keys and credentials, for instance, accessed through a stolen laptop or phone, can easily be used by a hacker because the system will recognize that the user has all the right keys and passwords – but it will not recognize that the user’s behavior and intent is different from what should be expected.
The intricate web of interconnected systems and data repositories makes preventing and detecting abuses effectively challenging because you can’t “see” all the systems simultaneously. Nor can you easily follow a user from one platform to another.
Once a malicious intruder has been detected, it is often too late to take precautions. When an unauthorized user launches a cyberattack inside your system, that user has been lurking there for a long time and is very aware of how to behave so as not to attract undue attention.
Securing your organization’s perimeter with firewalls and zero-trust infrastructure is no longer efficient if many unused credentials are waiting to be exploited. It’s vital to shore up granular security, but it’s not good enough.

The industry is grappling for a solution to all of the above and to help mitigate and stay ahead of any potential for a data breach.

One valuable solution that would immediately address these issues is for IT teams to have real-time visibility into all user activity across all the infrastructure and applications.

Having a catalog of all users – in-office and remote workers – helps IT teams stay on top of employee access to all data streams, whether the CEO or the mail room attendant.

This allows IT to flag questionable behavior or other issues that arise from employee connections.

About the Author

Venkat Thummisi, Co-founder and CTO, of Inside Out Defense, is a product management and engineering leader who has built multiple products in datacenter and Cloud, Threat Intelligence, Security GRC, IOT Security .

Venkat has also been a practitioner in building healthcare Security. He is very passionate about building cybersecurity products operating at scale.

Before Inside Out Defense, he held leadership positions at EMC, RSA, and Schneider. At EMC, Venkat incubated and built data center and cloud products with a market footprint of $2+B. He was RSA and Schneider’s chief architect of the security product portfolio.

Venkat earned his Master’s degree in management and engineering from MIT, where he focused on Technology Strategy and Finance, and also completed joint coursework in strategy at Harvard Business School.

Related Technologies…

SIMS Software Nominated for Best Insider Threat Solution in 2023 ‘ASTORS’ Awards

American Security, Today’s Annual ‘ASTORS’ Awards, is the preeminent U.S. Homeland Security Awards Program, and now in its Eighth Year, continues to recognize industry leaders of Physical and Border Security, Cybersecurity, Emergency Preparedness – Management and Response, Law Enforcement, First Responders as well as federal, state and municipal government agencies in the acknowledgment of their outstanding efforts to Keep our Nation Secure.

SIMS Software

Best Insider Threat Solution

SIMS Insider Threat Tool Management System
The proliferation of insider threats is a complex and persistent challenge for all national security stakeholders. From the surge in super-malicious personas to simple carelessness on the job, insider threats are pervasive and elusive and are increasing at an alarming rate.
As the leader of industrial security information management for almost four decades, SIMS Software has elevated insider threat detection into a science, providing a fully automated 360° view of every physical, virtual, and human asset inside a security domain.

Customers are provided with the technology tools necessary to see the risk landscape, so they can detect, deter, and mitigate insider threats, stay compliant with government requirements, and protect their high-value information and assets.
Companies often operate in siloed cultures and practices across their organization which may interfere with information sharing, however, SIMS helps to break down those silos to harmonize data and see the patterns for a unique system-of-record for any compliance program where security operations, cyber security, and other functional areas such as HR and Risk Management can work together, share information and track insider threat cases.
SIMS includes an Insider Threat Utility that empowers organizations to establish proprietary threat models based on their existing data and the risk indicators that matter most to each unique organization, so security professionals can view key metrics across the enterprise, track and catalog cases, view what was reported, investigated, and adjudicated to help the enterprise reduce risk and spot trends.

From negligent or disgruntled employees to hostile nation-state actors, the costs and consequences of insider threats can be staggering, the proliferation of insider threats is a complex and persistent challenge for all national security stakeholders. For nearly 40 years, SIMS Software has been fully invested in the national security mission, and their flagship product, SIMS, is the most trusted industrial security management solution on the market. — From negligent or disgruntled employees to hostile nation-state actors, the costs and consequences of insider threats can be staggering, and the proliferation of insider threats is a complex and persistent challenge for all national security stakeholders. For nearly 40 years, SIMS Software has been fully invested in the national security mission, and its flagship product, SIMS, is the most trusted industrial security management solution on the market.

From negligent or disgruntled employees to hostile nation-state actors, the costs and consequences of insider threats can be staggering. SIMS Software offers a strategic opportunity to deliver a genuine ROI for businesses, and saves organizations costly expenses by providing security stakeholders the opportunity to deter and mitigate, protect the company brand reputation, and retain customer trust.
Focused on evolving customer needs and government regulations, SIMS Software combines proven performance, constant innovation, and unmatched customer service to deliver a uniquely powerful security information management system.

SIMS Software

Best Security Workforce Management Platform

Security Information Management System
SIMS Software is the leading provider of industrial security information management software to some of the world’s most renowned government agencies, defense contractors, high technology giants, academic institutions, and research facilities.
For almost 40 years, the flagship product, Security Information Management System (SIMS), has been the most trusted solution on the market to protect classified and high-value information.

SIMS Software is a leading provider of industrial security information management software to the government and defense industries.

As the role of a security professional continues to transform with increased responsibilities, evolving compliance requirements, and multifaceted, aggressive threats towards their organization, having a complete solution has never been more imperative.
SIMS Software provides security professionals with powerful management-level metrics and a 360° view of their organization at their fingertips: reducing data calls, allowing for tracking of assets specific to the organizational requirements, and providing on-demand trend analysis for early detection and insider threat prevention.
Purpose-built, SIMS provides all the features and functionality necessary to run a powerful, paperless industrial security program with a single system of record, and includes 17 fully integrated modules for a fully automated 360° view of every physical, virtual and human asset inside your security domain.
SIMS manages visitors, classified contracts, information tracking, and control as well as personnel security clearance monitoring at all levels, and supports all National Industrial Security Operating Manual (NISPOM), Special Access Programs (SAP), and Sensitive Compartmented Information (SCI) requirements.

SIMS Software provides the technology tools necessary to detect, deter and mitigate insider threats and stay compliant with government requirements.

SIMS is a robust solution that supports the development costs and interoperability issues associated with in-house developed solutions, which are often more expensive and require in-demand IT resources, and has been designed to meet the hosting needs of all sizes and types of organizations offering both on-prem and cloud hosting options.
Focused on evolving customer needs and government regulations, SIMS Software combines proven performance, consistent innovation, and unmatched customer service to deliver a uniquely powerful security information management system. By equipping security stakeholders with the tools to protect the lifeblood of their organizations, SIMS Software is proud to play a vital role in advancing the interests of our nation and its allies at home and abroad.

SIMS provides all the features and functionality necessary to run a powerful, paperless industrial security program with a single system of record, so clients can escape the development costs and interoperability issues associated with in-house solutions.

SIMS supports all National Industrial Security Operating Manual (NISPOM), Special Access Programs (SAP), and Sensitive Compartmented Information (SCI) requirements, and equips security stakeholders with the tools to protect the lifeblood of their organizations, speed detection, improve accuracy and stay ahead of the threat.

*SIMS Software is also a Returning Premier Sponsor for their Second Consecutive Year, and was recognized as an ‘ASTORS’ Awards Champion in the 2021 ‘Homeland Security Awards Program.

ATF Director Steven M. Dettelbach, will join the 2023 'ASTORS' Homeland Security Awards Ceremony and Banquet Luncheon in NYC on Thursday, November 16th at the Jacob Javits Convention Center. — ATF Director Steven M. Dettelbach will join the 2023 ‘ASTORS’ Homeland Security Awards Ceremony and Banquet Luncheon in NYC on Thursday, November 16th at the Jacob Javits Convention Center.

AST is pleased to announce that Steven M. Dettelbach, the Director of the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), has agreed to participate in the 2023 ‘ASTORS’ Homeland Security Awards Ceremony and Banquet Luncheon as our keynote speaker.

The continually evolving ‘ASTORS’ Awards Program will highlight the trail of Accomplished Women in Leadership in 2023 and the Significance and Positive Impact of Advancing Diversity and Inclusion in our Next Generation of Government and Industry Leaders. Because #MentorshipMatters.

So be on the lookout for exciting upcoming announcements of Book Signing Opportunities and Special Guest Attendees at the 2023 ‘ASTORS’ Awards Presentation Luncheon on Thursday, November 16, 2023 in New York City at ISC East!

(See some highlights of the 2022 ‘ASTORS’ Homeland Security Awards Ceremony and Banquet Luncheon in New York City during ISC East at the Javits Center. Courtesy of AST and YouTube.)

Homeland Security remains at the forefront of our national conversation as we experience an immigration crisis along our southern border and crime rates dramatically higher than before the Pandemic across the United States.

CBP K9 Team Zaskya Steros and TYKE, with Commissioner Bill Bratton at the 2022 'ASTORS' Awards Luncheon. — CBP K9 Team Zaskya Steros and TYKE, with Police Commissioner Bill Bratton at the 2022 ‘ASTORS’ Awards Luncheon.

These challenges have become a national priority with an influx of investments in innovative new technologies and systems.

Enter American Security Today, the #1 publication and media platform in the Government Security and Homeland Security fields, with a circulation of over 75,000 readers and many tens of thousands more who visit our AST website at www.americansecuritytoday.com each month.

The pinnacle of the Annual ‘ASTORS’ Awards Program is the Annual ‘ASTORS’ Awards Ceremony Luncheon Banquet, an exclusive, full-course plated meal event in the heart of New York City.

Please join AST in Welcoming Director Dettelbach and Commissioner Sewell to the 2023 ‘ASTORS’ Homeland Security Awards Ceremony Luncheon on Thursday, November 16, 2023 in New York City.

Go to https://americansecuritytoday.com/product/awards-luncheon/ to secure your Seat or reserve a Table and Receive a Special Early Bird Discount.

***Limited space available. There will be No On-Site registrations.

The 2022 exclusive sold-out ‘ASTORS’ luncheon featured representatives of law enforcement, public safety, and industry leaders who came together to honor the selfless service of those who stand on the front lines and those who stand beside them – providing the capabilities and technologies to create a safer world for generations to come.

Last year marked the 20th anniversary of the Department of Homeland Security (DHS), which came out in force to discuss comprehensive collaborations between private and public sectors that have led to the development of intelligence and technologies that serve to protect our nation.

Deputy Executive Assistant Commissioner (DEAC) Diane Sabatino, expresses her pride in the women and men of the CBP, and their families who support them.

The keynote address was provided by U.S. Customs and Border Protection (CBP) Office of Field Operations (OFO) Deputy Executive Assistant Commissioner (DEAC) Diane Sabatino, who described the changes to CBP through the tragedy of 9/11 and the relentless commitment to its mission and ongoing investment in the latest technologies and innovations to protect our borders and Homeland.

The resounding theme of the DEAC’s remarks was her pride in the women and men of the CBP and their families who support them.

Deputy Inspector Lashonda Dyce accepts a 2022 'ASTORS' Award on behalf of the NYPD TARU Unit for Excellence in Public Safety. — Deputy Inspector Lashonda Dyce accepts a 2022 ‘ASTORS’ Award on behalf of the NYPD TARU Unit for Excellence in Public Safety, joined at left by Commissioner Bill Bratton, and at right Chief of Department Kenneth Corey.

AST was also joined by Legendary Police Commissioner William Bratton, who spoke about his love for the City of New York, the Profession of law enforcement to which he has dedicated his life, and for which he continues to drive thought leadership and innovation.

New York City Police Department (NYPD) Chief of Department Kenneth Corey, came out to address Luncheon attendees and shared some of his experiences and the changes in policing he’s witnessed over his more than three decades of service.

Katherine Schweit, an attorney, security consultant, and retired FBI special agent, and former head of the FBI’s active shooter program. — Katherine Schweit, attorney, security consultant, retired FBI special agent, and former head of the FBI’s active shooter program.

FDNY Chief Joseph Jardin honored the men and women of the FDNY, not only those who currently serve but all of those who have selflessly served, with special recognition of those lost on 9/11.

Chief Jardin spoke about the continuing health battle of many following 9/11 with cancer and respiratory disease, yet now knowing the full consequences, would not have made a different decision to respond.

As Chief Jardin noted, mission-driven service is the lifeblood of every firefighter, volunteer, and sworn member, and has been so throughout the history of the Fire Service.

Former head of the FBI’s active shooter program, Katherine Schweit joined AST to sign complimentary copies of her book, ‘STOP THE KILLING: How to End the Mass Shooting Crisis’ thanks to the generosity of our 2022 ‘ASTORS’ Awards Sponsors.

The 2023 ‘ASTORS’ Awards Program is Proudly Sponsored by Platinum Event Sponsor: NEC National Security Systems (NSS)

And Our RETURNING Premier Sponsors:

ATI Systems, Automatic Systems of America,

Guard Dog AI, IPVideo Corporation, Rajant Corporation, RX Global, SIMS Software, and American Security Today!

In 2022, AST was pleased to welcome the esteemed New York City Fire Department (FDNY), the New York City Police Department (NYPD), and the NYC Hospital Police, as well as Executive Management from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and many other DHS agencies, Federal law enforcement agencies, and private/public partnerships such as the National Association of Women Law Enforcement Executives (NAWLEE), the 30×30 Initiative, a coalition of professionals advancing the representation of women in policing; and Operation Lifesaver, Inc. (OLI) (rail safety advocates).

The FDNY was honored in the 2022 'ASTORS' Awards Program for Excellence in Public Safety and Critical Incident Response. — The FDNY was honored in the 2022 ‘ASTORS’ Awards Program for Excellence in Public Safety and Critical Incident Response, accepted by FDNY Chief Joseph Jardin and Deputy Assistant Chief Frank Leeb.

The prestigious Annual ‘ASTORS’ Homeland Security Awards Program highlights the most cutting-edge and forward-thinking security solutions coming onto the market today, to ensure our readers have the information they need to stay ahead of the competition and keep our Nation safe – one facility, street, and city at a time.

Katherine Schweit, former head of the FBI’s active shooter program speaks with 'ASTORS' Attendees and autographs copies of 'STOP THE KILLING: How to End the Mass Shooting Crisis.' — Katherine Schweit, former head of the FBI’s active shooter program speaks with ‘ASTORS’ Attendees and autographs copies of ‘STOP THE KILLING: How to End the Mass Shooting Crisis.’

In 2022 over 240 distinguished guests representing Federal, State, and Local Governments, and Industry Leading Corporate Firms gathered from across North America, Europe, and the Middle East to be honored among their peers in their respective fields.

Each year, to keep our communities safe and secure, security dealers, installers, integrators, and consultants, along with corporate, government, and law enforcement/first responder practitioners, convene in New York City to network, learn, and evaluate the latest technologies and solutions from premier exhibiting brands at ISC East, and the ASIS NYC Expo.

ISC East is the Northeast’s leading security & public safety event, hosted in collaboration with sponsor Security Industry Association (SIA) and in partnership with ASIS NYC.

U.S. Customs and Border Protection (CBP) was Honored at the 2022 ‘ASTORS’ Homeland Security Awards Ceremony and Banquet Luncheon in New York City, featuring OFO DEAC Diane Sabatino and Director of Field Operations NY Area Frank Russo (at center).

Corporate firms, the majority of which return year to year to build upon their Legacy of Wins, include:

Advanced Detection Technologies, AMAROK, ATI Systems, Axis Communications, Automatic Systems, BriefCam, Canon U.S.A., Cellbusters, CornellCookson, CyberArk Fortior Solutions, guardDog.ai, Hanwha Techwin of America, High Rise Escape Systems, IPVideo Corporation, Konica Minolta Business Solutions, NEC National Security Systems, NICE Public Safety, OnSolve, PureTech Systems, Quantum Corporation, Rave Mobile Safety, Regroup Mass Notification, Robotic Assistance Devices, Rajant Corporation, SafeLogic, Select Engineering Services LLC, Singlewire Software, SolarWinds Worldwide, Teledyne FLIR, Valor Systems, and West Virginia American Access Control Systems, *just to name a few!***

Why American Security Today?

The traditional security marketplace has long been covered by a host of publications putting forward the old-school basics to what is Today – a fast-changing security landscape.

American Security Today is uniquely focused on the broader Homeland Security & Public Safety marketplace with over 75,000 readers at the Federal, State, and local levels of government as well as firms allied to the government.

American Security Today brings forward a fresh compelling look and read with our customized digital publications that hold readers’ eyes throughout the story with cutting-edge editorial that provides solutions to their challenges.

Harness the Power of the Web – with our 100% Mobile Friendly Publications

AST puts forward the Largest and Most Qualified Circulation in Government with Over 75,000 readers on the Federal, State and Local levels.

AST Digital Publications are distributed to over 75,000 qualified government and homeland security professionals, in federal, state, local, and private security sectors.

‘PROTECTING OUR NATION, ONE CITY AT A TIME’

AST Reaches both Private & Public Experts, essential to meeting these new challenges.

Today’s new generation of public safety and security experts need real-time knowledge to deal with domestic and international terrorism, lone wolf attacks, unprecedented urban violence, shifts in society, culture, and media bias – making it increasingly difficult for Homeland Security, Law Enforcement, First Responders, Military and Private Security Professionals to implement coordinated security measures to ensure national security and improve public safety.

These experts are from the Government at the federal, state, and local levels, as well as from private firms allied to the government.

AST provides a full plate of topics in our AST Monthly Magazine Editions, AST Website, and AST Daily News Alerts, covering 23 Vital Sectors such as Access Control, Perimeter Protection, Video Surveillance/Analytics, Airport Security, Border Security, CBRNE Detection, Border Security, Ports, Cybersecurity, Networking Security, Encryption, Law Enforcement, First Responders, Campus Security, Security Services, Corporate Facilities, and Emergency Response among others.

AST has Expanded readership into integral Critical Infrastructure audiences such as Protection of Nuclear Facilities, Water Plants & Dams, Bridges & Tunnels, and other potential targets of terrorism.

Other areas of concern include Transportation Hubs, Public Assemblies, Government Facilities, Sporting & Concert Stadiums, our Nation’s Schools & Universities, and Commercial Business Destinations – all enticing targets due to the large number of persons and resources clustered together.

To learn more about ‘ASTORS’ Homeland Security Award Winners solutions, see the 2022 ‘ASTORS’ CHAMPIONS Edition Fully Interactive Magazine – the Best Products of 2022 ‘A Year in Review.’

The Annual CHAMPIONS edition reviews ‘ASTORS’ Award Winning products and programs, highlighting key details on many of the winning firm’s products and services, including video interviews and more.

It serves as your Go-To Source throughout the year for ‘The Best of 2022 Products and Services’ endorsed by American Security Today, and can satisfy your agency’s and/or organization’s most pressing Homeland Security and Public Safety needs.

From Physical Security (Access Control, Critical Infrastructure, Perimeter Protection, and Video Surveillance Cameras and Video Management Systems), to IT Security (Cybersecurity, Encryption, Data Storage, Anti-Malware, and Networking Security – to name a few), the 2022 ‘ASTORS’ CHAMPIONS EDITION has what you need to Detect, Delay, Respond to, and Mitigate today’s real-time threats in our constantly evolving security landscape.

It also includes featured guest editorial pieces from some of the security industry’s most respected leaders and recognized firms in the 2022 ‘ASTORS’ Awards Program.

For more information on All Things American Security Today, as well as the 2023 ‘ASTORS’ Awards Program, please contact Michael Madsen, AST Publisher at mmadsen@americansecuritytoday.com.

AST strives to meet a 3 STAR trustworthiness rating, based on the following criteria:

Provides named sources
Reported by more than one notable outlet
Includes supporting video, direct statements, or photos

Subscribe to the AST Daily News Alert Here.

Learn More…

Major General Walker, USA (Retired) Appointed to SIMS Board of Advisors