The trusted insider has always been a security risk - whether an executive with access to sensitive information or an administrator on an enterprise network.
According to a recent report from the Ponemon Institute, 56 per cent of security practitioners surveyed said that company insiders are the primary cause of security breaches and 72 per cent were not confident they could control employee access to sensitive information.
Many are aware of the threat posed by malicious insiders. But it is not only the malicious you need to worry about – don’t underestimate the threats posed by human error and good intentions.
To err is human
According to IBM, human error was found to be a contributing factor in more than 95 per cent of incidents investigated. The most common problems included system misconfiguration, poor patch management, using default settings and weak passwords, lost devices, and sending sensitive data to the wrong e-mail address. This data is now two years old, but these examples of errors are still typical today.
Some of these problems are the result of the individual’s poor decision or a slip of the mouse. It could be something as simple as clicking “reply all” on an e-mail. Some, however, are the result of poor policy or poor management. System configurations and patch management should be matters of organisational policy and should be periodically assessed. We will never rid ourselves completely of mistakes, but there is vast room for improvement.
The path to poor security is paved with good intentions
Most employees are hard-working and want to do a good job. In fact, many go out of their way to do their jobs efficiently, and that can pose a problem. It is not uncommon for employees to install unauthorised wireless access points to make it easier to connect to the network throughout the office. These points can improve productivity and worker satisfaction, but, unknown to and unmanaged by administrators, they also create security holes that attackers can use to gain access.
Studies consistently show that workers also regularly connect remotely to work networks using personal devices – mobile phones, tablets, laptops and home PCs. Too often this is done from unmanaged devices in violation of organisational policy. The workers mean well, but the result can be gaping holes in network defences. Workers often see security as a roadblock rather than an enabler. When this happens, they will find ways around policy in order to do their jobs more easily, and in doing so become insider threats.
The unwitting accomplice
Honest insiders are also targeted by malicious outsiders using social engineering. E-mail phishing (and spear-phishing, which targets high-value individuals) is one of the most common types of social engineering, but examples range from simple phone calls to carefully crafted web sites hosting malicious content.
Insider threats do not stop with your employees. Contractors, business partners and links – both upstream and down – in your supply chain all present threats that can be used to compromise your network from the inside.
The first line of defence against the well-intentioned insider is awareness and training. All employees should be educated to understand the risks, organisational policies and the reasons for those policies.
However, the basic rule in defending against both well-intentioned and malicious insiders is to address the threat, not the individual.
John Worrall, Chief Marketing Officer at CyberArk