Who is the Insider Threat?
The insider threat is something that’s faced by all organizations, regardless of size or industry. This year alone, insider threat attacks have skyrocketed, and organizations are now looking for ways to identify these threats before it’s too late.
Part of the challenge for modern organizations is that today’s perimeter is no longer easily defined. The data center was once your network’s primary point of entry and exit. However, the explosion of new connected devices, 5G, and hyper-scale cloud deployments has expanded the perimeter across the entire infrastructure. The modern network has even reached our home offices, creating new edges that now need to be secured. The proliferation of applications and the number of connected devices create billions of edges that need to be managed and protected. In addition, according to Google, more than 80% of online traffic is now encrypted, presenting new challenges for inspection of malicious traffic.
Unfortunately, most security breaches today are due to human error. Anyone with access to your data or systems, whether an employee, former employee, partner, supplier, or even a board member, has the potential to expose confidential information.
When looking at the different types of insider threats, accidental insiders represent the largest percentage. These are individuals who unwittingly cause harm by clicking on malicious links, failing to follow policies and procedures, or simply being careless. Accidental insiders can also be the people who are driving technology changes within your organization but don’t want to be slowed down by processes. They can even be overworked admins who take shortcuts by not patching or by using weak passwords.
Malicious insiders are deliberate and intentional in their efforts to either steal information or cause disruption. Usually, it’s for financial gain, but it can also be a disgruntled employee who has been downsized or laid off. While these individuals can work on their own, they can also work on behalf of a third-party agent.
The last group of insiders is the credential thieves. Once any adversary compromises a username and password, they are essentially an insider. While hiding behind legitimate credentials, they can move around your organization masquerading as a known, trusted employee, taking whatever information they can. What makes this type of insider threat so hard to combat is that they are pretending to be someone who is a known and trusted entity within the organization.
Creating A Strategy
Every organization should be concerned by insider threats. Not only can you lose valuable data, but the financial implications of an insider security breach can be detrimental. According to the Ponemon Institute, accidental insiders have cost on average $4.5 million, malicious insiders over $4 million, and credential thieves about $2.7 million. With these numbers on the rise, it is essential that organizations are concerned and focused on reducing the risk of damage caused by insider threats.
So, how can organizations address the challenge of insider threats? How can organizations identify what is good versus bad behavior? How should your security posture compare with similar organizations? How can teams create an environment where employees don’t feel as if they’re not trusted? How can you explain the potential impact of the insider threat to other executives who drive some of that investment and strategic outlook? What tasks should be prioritized in the near term to address these? And most importantly, how do you achieve that cyber situational awareness and keep breaches at bay?
When the adversary could potentially be someone inside your environment, the task can seem nearly impossible to address. What organizations need to leverage are the pillars of IT security: People, Processes, and Technology. An approach combining these three elements is needed to address the human risk challenge.
People Strategies for Combatting Insider Threats
First, the organization must create and prioritize a culture of security. Education is key here, with investments in security awareness training, phish testing, etc. People need to understand what they should and should not be doing within the environment and how to practice good cyber hygiene. Since most ransomware attacks are carried out largely through social engineering, phish testing is important to prepare and train your workforce for these types of attacks.
As employees become more familiar and prepared, they can become more vigilant and help report incidents. Similarly, organizations need to support incident reporting by helping employees understand where to go with this information.