The increasing complexity and sheer volume of data breaches remain a difficult challenge for organisations across all business sectors. To combat this constant threat, companies are investing a lot of time and money in beefing up their security measures against external threats to make sure they are fit for purpose. But what about the threats which come from within?
Insider threats are a growing issue for companies, to the extent that cyberattacks now, more often than not, are caused actively or unknowingly by employees within an organisation.
Insider threats can be among the biggest risk factors for data theft
Employees represent the biggest threat to most organisations’ security, in part because insider abuse can be difficult to detect. Indeed, a recent survey of firms by Forrester found that breaches most commonly occurred because of an internal incident within an organisation – with 50 per cent of breaches due to unintentional misuse or user error, known as the Accidental Insider.
Examples of the Accidental Insider can be ostensibly innocent actions, such as an employee clicking on a suspicious link in an email, unknowingly downloading malware or malicious code, or employees ignoring security policy to complete work more easily.
It is not only the actions of an Accidental Insider which pose a threat. Calculating attackers can gain access to networks by targeting and manipulating employees within an organisation (or via business partners and third-party suppliers), by pretending to be legitimate when their actions are designed to steal valuable information.
An insider threat can also be a disgruntled former employee who steals data and destroys company networks by injecting malware or a logic bomb into corporate computers. Additionally, tech-savvy insiders with in-depth knowledge of, and insight into, an organisation’s security shortcomings can sell this confidential information to external parties or black market bidders.
The increasing usage of personal devices to conduct business enhances the already complex nature of the insider threat. It creates more avenues for insiders to access sensitive corporate data, without rousing the suspicions of security teams who are often blind to that avenue.
Educate and protect employees
Although insider threats are a serious challenge to IT security, they are not just an IT issue. A significant characteristic of insider threats is that they manifest because of the human element. With this in mind, businesses must assemble an effective insider threat programme that incorporates technology controls with risk management plans and focuses on educating employees on best practices.
A successful insider threat programme will incorporate these five key elements:
- Limiting access: Reduce the risk of unidentified persons accessing sensitive data by limiting access to data and systems according to assigned roles
- Policies: Inform and educate staff on how technology, such as mobile devices and file sharing systems, should be utilised within the organisation
- Processes: Assign specific roles to employees to be responsible for computer/device usage
- Risk management: Identify and develop a risk-management plan around mission-critical data
- Auditing and monitoring: When implementing the above elements, it is important to continue assessing what is effective to meet the security needs of the organisation
Collect and analyse risky user behaviour
In addition to implementing the above, organisations can also use technology to monitor and combat potential insider intrusions. Deploying database activity monitoring solutions will keep track of any suspicious changes or actions taken by employees that could signal a potential security breach. Additionally, organisations can invest in technologies which monitor network traffic and alert IT managers to any suspicious activity, or detect potential internal threats such as a sudden increase in connections to file sharing websites.
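A minimal sketch of the "sudden increase in connections to file sharing websites" check described above, as an added example that is not from the original article. It assumes a constructed proxy log of `date user host` lines and a hypothetical watch list of file-sharing domains; the threshold values are illustrative.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumption: hypothetical watch list; a real one would come from proxy URL categories.
FILE_SHARING = {"share.example", "drop.example"}

# Constructed sample proxy log, one "date user host" record per line.
SAMPLE_LOG = (
    [f"2024-03-0{d} alice share.example" for d in (1, 2, 3)]
    + [f"2024-03-0{d} bob share.example" for d in (1, 2, 3, 4) for _ in range(6)]
    + ["2024-03-04 alice eu.drop.example"] * 12
    + ["2024-03-04 dave notshare.example"] * 8
    + ["2024-03-04 carol intranet.example", "malformed line"]
)

def is_file_sharing(host):
    """Match a watched domain or any of its subdomains, not lookalike names."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in FILE_SHARING)

def daily_counts(lines):
    """Return {user: {date: connections to file-sharing hosts}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records rather than guess at fields
        date, user, host = parts
        if is_file_sharing(host):
            counts[user][date] += 1
    return counts

def find_spikes(lines, today, k=3.0, floor=5):
    """Flag users whose count today is >= floor and above baseline mean + k*stddev."""
    counts = daily_counts(lines)
    days = sorted({p[0] for p in map(str.split, lines) if len(p) == 3 and p[0] < today})
    alerts = {}
    for user, per_day in counts.items():
        history = [per_day.get(d, 0) for d in days]  # quiet days count as zero
        base = mean(history) if history else 0.0     # no history: any burst is new
        spread = pstdev(history) if history else 0.0
        seen = per_day.get(today, 0)
        if seen >= floor and seen > base + k * spread:
            alerts[user] = (seen, round(base, 2))    # (today's count, baseline mean)
    return alerts

if __name__ == "__main__":
    print(find_spikes(SAMPLE_LOG, "2024-03-04"))
```

Comparing each user against their own history keeps a steady heavy user (bob in the sample) from alerting while still catching a user whose volume jumps in one day.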
Companies can also invest in data loss prevention software which will help with the implementation of data handling policies and ensure that employees are handling data securely at the endpoint. Moreover, such software can automate the process of managing data loss policies by monitoring outbound email and blocking messages that contain sensitive information.
The seriousness of insider threats is now an unavoidable reality, so it is crucial that organisations develop a robust insider threat programme. The need to address the risks and challenges of internal dangers and effectively detect, deter and mitigate risks, both existing and new, has never been more vital.
Carl Leonard, Principal Security Analyst at Forcepoint