
Employee Negligence Might Be Your Biggest Cyber-Threat, Plus Three Steps You Can Take Today to Address It

In SIEM, by Tony Perri

The Ponemon Institute in conjunction with IBM recently released its survey of What CISOs Worry About in 2018, and the results give us interesting insights into industry leaders’ mindsets and the trouble with data security.

When asked “Which of the following threats do you worry about most in 2018?” the 612 Chief Information Security Officers surveyed gave the following top five answers:

  1. lack of competent in-house staff (70%)
  2. a data breach (66%)
  3. a cyber attack (59%)
  4. inability to reduce employee negligence (54%)
  5. ransomware (48%)

The usual suspects, data breach and cyber-attack, were predictable as two of the top five answers. Shockingly though, lack of competent in-house staff claimed the top worry for CISOs this year, with inability to reduce employee negligence coming in at number four. Two of the top five concerns for CISOs this year are risks that are both preventable and within the organization’s scope of control, unlike, say, an unrelated cyber-attack from a malicious outsider.

Insider threat, whether from negligence or from malicious intent, is a serious issue for CISOs. Privileged users can find ways to hide their tracks, which makes detection harder and results in longer remediation times, larger amounts of data lost, and your most sensitive data being put at risk.


Verizon’s 2017 DBIR reports that breaches involving insider and privilege misuse are more likely than any other type of breach to take months or years to discover, rather than the real-time discovery that is needed. Mainframe security admins have even more to worry about, because privileged users have more ways to delete event logs that SIEMs (Security Information and Event Management systems) can’t recover.

No amount of firewall protection can prevent a malicious or neglectful insider, so the right technology and procedures must be deployed soon, before the top fear of CISOs in 2018 becomes their reality in 2019. If you share the worries of the CISOs surveyed, there are three things you can do to address these threats.

  1. You must have a data security policy that covers how to handle and dispose of sensitive company data. This is especially important in heavily regulated sectors like healthcare and government, where data misuse can result in hefty fines, but it is essential for any company in the face of the GDPR, HIPAA, and PCI-DSS regulations. Make policy education an essential component of onboarding procedures for new employees, and hold company-wide meetings quarterly or whenever the policy is updated to address the latest regulation or a flaw in the policy’s previous iteration.
  2. Have enterprise-wide visibility available in your SIEM and SOC that covers both mainframe and distributed platforms. SIEM systems are one of your best defenses against insider threat and employee negligence, but if they only cover your distributed platforms you are leaving out the most sensitive data within your organization. What’s more, SIEM systems with real-time event monitoring and event correlation are the best defense you can own to protect against this very real and potentially costly threat. Yet many large organizations neglect the mainframe because of a false sense of security about the platform.
  3. Deploy flexible SIEM tools that account for most, if not all, security compliance initiatives. It could be argued that without compliance initiatives such as the GDPR, PCI DSS, HIPAA, FISMA, GLBA, IRS Pub. 1075, ISO 27001 and others, there would be a lot less focus on information security. If your SIEM tools have reports or scorecards based on specific compliance laws/standards built into the application, you will be far ahead of the game in both securing your data and validating those processes with security compliance auditors. CorreLog has scorecards for most of the compliance laws/standards mentioned above. For more information on this functionality, please visit
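To make step 2 concrete, here is an added example (not CorreLog’s code, and not part of the original post) of the kind of real-time correlation a SIEM applies to mainframe events once they have been converted to syslog-style records. The log lines, host name, application name, user IDs and data-set names are all constructed for illustration. The rule it implements is the “hide your tracks” pattern the post describes: a privileged user touches sensitive data and then deletes an audit log within a short window. Correlating those two events as they arrive is what turns months-to-discover insider misuse into an immediate alert.

```python
"""Correlate syslog-style security events to catch a privileged insider
covering their tracks.

Added example; every log line below is constructed, as are the host name
(mf01), the application tag (secmon), the user IDs and the data-set names.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in RFC 3164-like syslog format with key=value payloads.
SAMPLE_LOG = """\
<86>Mar 12 02:03:11 mf01 secmon[4001]: user=ADMIN1 action=READ resource=PROD.PAYROLL.MASTER result=SUCCESS
<86>Mar 12 02:04:40 mf01 secmon[4001]: user=ADMIN1 action=READ resource=PROD.CUSTOMER.PII result=SUCCESS
<86>Mar 12 02:05:02 mf01 secmon[4001]: user=ADMIN1 action=DELETE resource=SYS1.AUDIT.LOG result=SUCCESS
<86>Mar 12 09:15:30 mf01 secmon[4001]: user=OPER2 action=READ resource=PROD.CUSTOMER.PII result=SUCCESS
<86>Mar 12 09:16:00 mf01 secmon[4001]: user=OPER2 action=READ resource=TEST.SAMPLE.DATA result=SUCCESS
<86>Mar 12 17:45:12 mf01 secmon[4001]: user=ADMIN1 action=DELETE resource=SYS1.AUDIT.LOG result=FAILURE
"""

# <PRI>MMM DD hh:mm:ss host app[pid]: key=value key=value ...
LINE_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<app>\S+?)(?:\[\d+\])?: (?P<kv>.*)$"
)

# Constructed policy inputs; in a real deployment these come from the security
# database and the data-classification scheme, not from hard-coded tuples.
PRIVILEGED_USERS = {"ADMIN1", "OPER2"}
SENSITIVE_PREFIXES = ("PROD.PAYROLL.", "PROD.CUSTOMER.")
AUDIT_RESOURCES = ("SYS1.AUDIT.",)
WINDOW = timedelta(minutes=10)


def parse_line(line, year=2018):
    """Parse one syslog line into a dict, or return None if it does not match.
    RFC 3164 timestamps carry no year, so the caller supplies one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(pair.split("=", 1) for pair in m["kv"].split())
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], **fields}


def is_sensitive(resource):
    return resource.startswith(SENSITIVE_PREFIXES)


def is_audit_tamper(ev):
    return ev["action"] in {"DELETE", "ALTER"} and ev["resource"].startswith(AUDIT_RESOURCES)


def correlate(lines, window=WINDOW):
    """Stream events in arrival order and emit alerts as each line is seen.

    Rule audit_tamper: any delete/alter of an audit resource, success or failure.
    Rule tracks_hidden: a privileged user successfully tampers with audit logging
    within `window` of successfully reading sensitive data.
    """
    alerts = []
    recent_sensitive = defaultdict(list)  # user -> timestamps of sensitive reads
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        user, ts = ev["user"], ev["ts"]
        if is_sensitive(ev["resource"]) and ev["result"] == "SUCCESS":
            recent_sensitive[user].append(ts)
        if is_audit_tamper(ev):
            alerts.append({"rule": "audit_tamper", "user": user, "ts": ts,
                           "result": ev["result"]})
            hits = [t for t in recent_sensitive[user] if ts - t <= window]
            if hits and user in PRIVILEGED_USERS and ev["result"] == "SUCCESS":
                alerts.append({"rule": "tracks_hidden", "user": user, "ts": ts,
                               "sensitive_accesses": len(hits)})
        # Drop sensitive-read markers that have aged out of the window.
        recent_sensitive[user] = [t for t in recent_sensitive[user] if ts - t <= window]
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG.splitlines()):
        print(alert)
```

Run against the constructed log, the engine raises three alerts: the 02:05 audit-log deletion, a tracks_hidden alert for the same user because two sensitive reads preceded it inside the ten-minute window, and the failed 17:45 deletion attempt. OPER2’s daytime read of PII raises nothing on its own, which is the point: the value is in the correlation, not in any single event.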

If you are a CISO looking to improve your organization’s security policies, consider CorreLog’s range of security solutions. CorreLog’s solutions and services are designed for maximum interoperability, flexibility, and scalability. CorreLog can work alongside your existing SIEM and network technologies to improve threat management and incident response capabilities; our solutions are designed to enhance your current security initiatives. We leverage your existing infrastructure and processes to deliver the fastest return on your existing investments with a very low total cost of ownership. We help you configure the solution, and it then becomes set-and-forget technology.

CorreLog also offers a validated set of security apps for Splunk, built specifically for IBM z/OS, so you can integrate and analyze mainframe data within your Splunk dashboards with CorreLog zDefender™. Visit today for more information on our solutions for both distributed and mainframe systems. CorreLog’s solutions can help you identify network attacks, suspicious behavior, and policy violations by collecting and correlating user activity and event data, and its mainframe solutions convert mainframe security events to standard distributed syslog format for inclusion in enterprise SIEM systems.
