No organization wants to think they have a problem with insider threats. However, Intel’s study found that 43% of data losses result from “internal threats” – and about half of these incidents were due to the intentional acts of malicious insiders, not accidents or carelessness. Plus, the average cost of an insider attack within an enterprise is now as much as $2 million, according to a new report from Bitglass.
What is an Insider Threat
An insider threat is a security risk that originates from within the targeted organization. It typically involves a current or former employee or business associate who has access to sensitive information or privileged accounts within an organization’s network and who misuses this access.
Traditional security measures tend to focus on external threats and cannot identify a threat emanating from inside the organization.
Types of insider threats include:
- Malicious insider – also known as a Turncloak, someone who maliciously and intentionally abuses legitimate credentials, typically to steal information for financial or personal incentives. For example, an individual who holds a grudge against a former employer, or an opportunistic employee who sells secret information to a competitor. Turncloaks have an advantage over other attackers because they are familiar with the security policies and procedures of an organization and its vulnerabilities.
- Careless insider—an innocent pawn who unknowingly exposes the system to outside threats. A careless insider is the most common type of insider threat, resulting from mistakes, such as leaving a device exposed or falling victim to a scam. For example, an employee who intends no harm may click on an insecure link, infecting the system with malware.
- A mole – an imposter who is technically an outsider but has managed to gain insider access to a privileged network. This is someone from outside the organization who poses as an employee or partner.
What can your organization do to protect itself against Insider Threats?
Preventing insider attacks can be tricky, but there are ways enterprises can mitigate these threats.
- Have a written acceptable use policy – This is a fundamental step, but many organizations overlook it. It is imperative to establish specific rules regarding the proper use of company hardware, software, and network access and lay out the consequences for not following them. While written policies won’t deter malicious insider attacks, they provide leverage for organizations to take disciplinary action against employees who display negligent or suspicious behavior, such as sharing login credentials or removing company-owned devices from the premises without authorization.
- Train your employees on cybersecurity awareness & best practices – Like written policies, cybersecurity training won’t stop a malicious insider attack. Still, it can prevent employees from making errors that hackers can take advantage of, or from falling prey to social engineering schemes such as business email compromise.
- Increase visibility—deploy solutions to keep track of employee actions and correlate information from multiple data sources. For example, you can use deception technology to lure a malicious insider or imposter and gain visibility into their actions.
- Implement MFA, strict password and account management policies and practices – All users should access your systems with a combination of credentials that identifies them individually; each user should have a unique login ID, password, and multi-factor authentication (MFA).
- Monitor and control remote access from all endpoints, including mobile devices – Deploy and properly configure wireless intrusion detection and prevention systems, as well as a mobile data interception system. Regularly review whether employees still require remote access and/or a mobile device. Ensure that all remote access is terminated when an employee leaves the organization.
- Promote culture changes – Ensuring security is not only about know-how but also about attitudes and beliefs. To combat negligence and address the drivers of malicious behavior, you should educate your employees regarding security issues and work to improve employee satisfaction.
- Develop a comprehensive employee termination procedure – Work with HR to develop a robust user termination procedure to protect your organization legally and technologically from former employees.
- Recycle your old hardware and documentation properly – Before discarding or recycling a disk drive, completely erase all information from it, and ensure the data is no longer recoverable. Old hard disks and other IT devices that contained critical information should be physically destroyed; assign a specific IT engineer to control this process personally.
- Continuous monitoring through ongoing risk assessment activities – The only way to eliminate threats to your business is to first identify what those threat vectors are. Standards-based risk assessments such as those using the ISO 27005 or NIST 800-30 frameworks are a great start.
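One way to act on the visibility, remote-access and termination items above, shown as an added example that is not part of the original article: cross-check an HR offboarding roster against remote-access logs and flag any activity on an account after its owner has left. The roster format, log format, usernames and device names are all constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample: HR offboarding roster (username, termination time, UTC).
HR_ROSTER = """user,terminated_at
jdoe,2024-03-01T17:00:00+00:00
asmith,2024-03-10T17:00:00+00:00
"""

# Constructed sample: remote-access log (timestamp, user, device, result).
VPN_LOG = """2024-02-28T09:12:00+00:00 jdoe laptop-114 SUCCESS
2024-03-02T23:41:00+00:00 jdoe unknown-device SUCCESS
2024-03-05T08:00:00+00:00 bnguyen laptop-201 SUCCESS
2024-03-11T02:15:00+00:00 asmith phone-77 FAILURE
2024-03-12T02:17:00+00:00 ASmith phone-77 SUCCESS
"""

def load_terminations(roster_csv):
    """Map lower-cased username -> termination time."""
    rows = csv.DictReader(io.StringIO(roster_csv))
    return {r["user"].strip().lower(): datetime.fromisoformat(r["terminated_at"])
            for r in rows}

def post_termination_access(roster_csv, vpn_log):
    """Return log events on terminated accounts that occur after termination.

    Failed attempts are reported too: they show the account is still being tried.
    """
    terminated = load_terminations(roster_csv)
    findings = []
    for line in vpn_log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting the review
        ts, user, device, result = parts
        user = user.lower()  # log sources often disagree on username case
        cutoff = terminated.get(user)
        if cutoff is not None and datetime.fromisoformat(ts) > cutoff:
            severity = "high" if result == "SUCCESS" else "medium"
            findings.append({"user": user, "time": ts, "device": device,
                             "result": result, "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in post_termination_access(HR_ROSTER, VPN_LOG):
        print(finding)
```

A successful login after the termination time means access was never revoked; a failed one means revocation worked but the account is still being probed.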
The cyber security experts at Lazarus Alliance have deep knowledge of the cyber security field, are continually monitoring the latest information security threats, and are committed to protecting organizations of all sizes from security breaches.