The Cyber Security Seminar held on 1st March 2016 at our Harlow Enterprise Hub headquarters was a huge success. The presentations were insightful, the audience inquisitive and the diverse range of cyber security knowledge in the room made for a great social and educational event. One those to speak was Michael Tye from the company Infinigate. His presentation centred on the highly topical ‘Insider Threat’ and how the introduction of software such as TITUS could help mitigate the risk.
TITUS is a market leader in what is known as protective marking. This involves the classification and protection of documents and files. In an organsiation where work is regularly shared, it is important that only permitted individuals are able to access certain documents, and that there is the facility to quickly share with those who are. By classifying the document at the time of writing you indicate how confidential or public it should be, and who should be able to read it. The rules that TITUS software puts in place make these classifications specific to your organsiation, with policies that keep your files protected.
In Michal’s talk, one of the major benefits surrounding protective marking software, and in particular TITUS, was that it effectively dealt with the insider threat. He revealed that 96% of data leaks were accidental, and as a result of lack of knowledge or carelessness as opposed to malicious intent. What he also highlighted was that although the cause may be unintentional, the risk, penalties and outcomes remain the same.
With a huge increase in media coverage surrounding data leaks, the risks of the insider threat are becoming more and more obvious. Michael specifically picked up on the well-documented Sony hack as an example, where the classification of data would have led to a very different outcome. Had they correctly categorised what was important to keep confidential, and what they could risk going public, then the data that was leaked would have been protected, thus reducing the impact it had on their reputation and earnings.
Michael explained data classification in more detail through the use of imagery. On a box, for example, there will be human readable markings (‘fragile’, ‘This way up’ etc.) and machine readable marking, such as the barcode. A machine readable marking of ‘classified’ means that if you are an individual who does not have permission to read the text, then it will not be translated to human for you, thus keeping it secure.
As well as highly recommending TITUS, Michael also emphasised the need to get users on board with the process, rather than simply initiate it. The most effective way to build a successful protective marking environment is through the understanding and cooperation of the users. Yes, you can put in place rules for certain groups that forces them to classify, but having their assistance can be a far more effective tool. He ended by conceding that it was very difficult to predict a potential insider threat, but underlined that with TITUS you could mitigate the risk.
As well as Michael, other speakers at the event included Essex Police Crime Commissioner, Nick Alston CBE who was the keynote speaker, Caroline Garrow from SEIB Cyber Insurance, who looked at the importance of robust cyber insurance, Donell Henry of Barclays Bank, with a talk on cyber fraud and our very own Colin Tankard, Managing Director of Digital Pathways who focused on ‘How They Hack’.