Insider Risk – The elephant in the room
Along with the stream of dreadful news about the situation in Ukraine, the last few days have seen many reports of serious issues, cancellations, luggage losses together with wailing and gnashing of teeth at the UK’s flagship airline British Airways.
Hot on the heels of the UK and most of the European Union (and the UK) shutting airspace to Russian planes, many Cyber types were obviously expecting the announcement of a Russian backed cyber security attack. This was not to be.
The most recent communications from BA have (so far) pinned the chaos on an ‘unspecified hardware failure’.
Unless you have a memory issue, you will recall that BA has suffered numerous IT issues to the disgruntlement of customers and share holders alike over the last few years. For instance, one in 2017 was caused by an engineer disconnecting the power supply to a data centre and then connecting it the wrong way. Apparently the subsequent power surge caused major damage to the servers the airline uses to run online check-in, baggage handling and other services. BA sued CBRE over the incident for losses of £58 million.
It is a known fact that BA relies heavily on several mission critical systems based on mainframe technology (we love a mainframe, especially the Cray and IBM beasts at the Met Office). Airline costs have clearly been considerably stretched by the lack of revenue during Covid and it is no surprise that having reported losses of €3.5 Billion in 2021, the owner of BA, IAG is looking to increase cost effectiveness. IT, Property and other costs were down €24 million, or 3.1%, on 2020.
‘What has all of this to do with a Tiberium blog?’ we hear you cry.
We all know that cyber security is described and modelled in terms of Confidentiality, Integrity and Availability, all of which are substantially at risk from insider activity; The ‘Insider Risk’. From pulling or pushing the wrong plug, accidental or deliberate misconfiguration, sabotage, espionage data theft for personal or ideological gain, the list is endless and, to date, very difficult to measure and protect against without considerable investment in dedicated systems and the personnel to manage, feed and water them. Out of the reach of all but the largest enterprises.
Reportedly, up to 60% of data breaches are caused by insiders. Of course these are a combination of malicious and accidental incidents costing millions to detect and remediate. In order to address this issue, Microsoft has made considerable advances in Insider Risk Management and we are very excited to have built our new governance and compliance service powered by MYTHIC; ‘LORE’.
Tiberium’s FROST and MYTHIC managed services are powered by Microsoft technologies. We believe that Microsoft’s end to end vision and innovation provide exceptional, cost effective security outcomes when delivered, configured and managed appropriately.
Our services apply our team’s considerable real world experience in managing security at all levels, from corporate compliance to infrastructure configuration, incident identification, remediation and management, threat hunting and effective, pragmatic consultancy to protect our customer’s systems.
We understand that the days of email and telephone security alerting are long gone and wherever possible we provide automated remediation supported by accurate, detailed workflow communications.
Integrating and enhancing Microsoft’s security and Compliance capabilities, LORE delivers the following essential outcomes:
- Automated alerting of suspicious use of data
- Visibility of how data is used and shared
- Enhance monitoring of high-risk groups (Leavers, Admins, High Turnover areas)
- A solid base for comprehensive Data Loss Prevention
- Understanding potential oversharing risks
We are running a webinar to showcase LORE on 2nd March at 12 pm GM, and would very much recommend you attend if you are a Microsoft customer and want to measurably increase your governance and compliance posture without enormous investment in third party products.
Upside Down is of course a song by Diana Ross. Try not to be turned Inside Out !