The recent Capital One breach illustrates the dangers of insider attacks
There are many takeaways for organizations and security professionals from the recent Capital One data breach, which compromised sensitive data belonging to some 100 million customers. Among these is the clear and present danger that insider attacks pose to enterprise cyber security. As Capital One learned the hard way, insider carelessness can be just as damaging as maliciousness. According to the U.S. Department of Justice, the former Amazon employee accused of stealing Capital One’s data from an AWS storage bucket accessed the data through a “misconfigured web application firewall.”
It’s also notable that the Capital One breach was perpetrated not by an insider at the banking titan itself but by a former employee of its cloud service provider. Insider attacks are on the rise, and the growing popularity of cloud computing appears to be a contributing factor. A recent study found that 60% of organizations had experienced at least one insider attack in the previous 12 months, 56% said that detecting insider attacks had gotten more difficult since migrating to the cloud, and 39% said they felt cloud storage and file sharing applications were the most vulnerable targets.
Preventing insider attacks can be tricky, but there are ways enterprises can mitigate these threats.
Have a written acceptable use policy
This is a very basic step, but many organizations overlook it. It is imperative to establish specific rules regarding the acceptable use of company hardware, software, and network access, and lay out the consequences for not following them. While written policies won’t deter malicious insider attacks, they provide leverage for organizations to take disciplinary action against employees who display negligent or suspicious behavior, such as sharing login credentials or removing company-owned devices from the premises without authorization.
Train your employees on cyber security awareness & best practices
Similar to written policies, cyber security training won’t stop a malicious insider attack, but it can prevent employees from making errors that hackers can take advantage of or falling prey to social engineering schemes such as business email compromise.
Monitor systems for anomalous or suspicious behavior
Continuous monitoring of enterprise systems and networks is an important technical defense that can detect insider attacks early, before any damage is done. Unusual or suspicious user behavior, such as an employee logging into the system from an unusual location or attempting to access a part of the system they don’t need to do their job, can be flagged and investigated.
Employ the principle of least privilege
Employees should be granted as much system access as they need to do their jobs, and no more. In addition to protecting against insider attacks, this prevents hackers from obtaining the “keys to the kingdom” should they manage to steal login credentials belonging to a lower-access employee.
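The two checks described under monitoring and least privilege above, as an added example that is not part of the original post: flag a login from a location outside the user's baseline, and flag access to a resource that the user's job role does not cover. The log format, user names, locations, roles and resource names are all constructed for illustration.

```python
import re

# Constructed sample log lines (not real data); the key=value format is an assumption.
SAMPLE_LOG = """\
2019-07-29T08:01:12Z user=alice event=login src_country=US
2019-07-29T08:05:40Z user=alice event=access resource=crm
2019-07-29T21:17:03Z user=alice event=login src_country=RO
2019-07-29T21:18:55Z user=alice event=access resource=customer-db
2019-07-29T09:30:00Z user=bob event=login src_country=US
2019-07-29T09:31:10Z user=bob event=access resource=customer-db
"""

# Baselines a real deployment would learn from login history or pull from HR/IAM.
KNOWN_LOCATIONS = {"alice": {"US"}, "bob": {"US", "CA"}}
ROLE_OF = {"alice": "sales", "bob": "dba"}
# Least-privilege map: the only resources each role needs to do its job.
ALLOWED_RESOURCES = {"sales": {"crm"}, "dba": {"customer-db", "backups"}}

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) event=(?P<event>\S+)(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m["ts"], "user": m["user"], "event": m["event"]}
    rec.update(dict(KV_RE.findall(m["rest"])))
    return rec


def find_anomalies(log_text):
    """Return (timestamp, user, reason) tuples that an analyst should review."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped, not silently treated as benign logins
        user = rec["user"]
        if rec["event"] == "login" and rec.get("src_country") not in KNOWN_LOCATIONS.get(user, set()):
            findings.append((rec["ts"], user, f"login from unusual location {rec.get('src_country')}"))
        elif rec["event"] == "access":
            allowed = ALLOWED_RESOURCES.get(ROLE_OF.get(user), set())
            if rec.get("resource") not in allowed:
                findings.append((rec["ts"], user, f"access to {rec.get('resource')} outside role {ROLE_OF.get(user)}"))
    return findings


if __name__ == "__main__":
    for ts, user, reason in find_anomalies(SAMPLE_LOG):
        print(ts, user, reason)
```

On the sample above, alice's evening login from RO and her subsequent read of customer-db are flagged, while bob's in-role access to the same database is not.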
Conduct third-party risk assessments
As the Capital One breach illustrated, your third-party business associates could pose insider threats. Understand your enterprise ecosystem and build risk profiles for all of your business partners. Understand who your business partners are, what services each partner provides, and the level of access they have to your data and systems.
The cyber security experts at Lazarus Alliance have deep knowledge of the cyber security field, are continually monitoring the latest information security threats, and are committed to protecting organizations of all sizes from security breaches. Our full-service risk assessment services and Continuum GRC RegTech software will help protect your organization from data breaches, ransomware attacks, and other cyber threats.
Lazarus Alliance is proactive cyber security®. Call 1-888-896-7580 to discuss your organization’s cyber security needs and find out how we can help your organization adhere to cyber security regulations, maintain compliance, and secure your systems.