Strengthen your organization against insider threats
Insider threats, whether intentional or not, can have a devastating effect on a business, often resulting in financial and reputational loss.
Intentional insider threats are cybersecurity threats from people working directly with an organization, such as employees, contractors, or business partners, who want to steal data for malicious purposes.
“Typically, it’s a disgruntled employee or former employee who still has access to the system, or a ‘hacktivist’ employee who was hired for the sole purpose of infiltrating the company,” said Jeremiah Mason, senior vice president of product management at authID, a biometric authentication provider.
Unintentional insider threats are those committed by insiders who inadvertently put their organization at risk. They can do this by clicking a phishing link in an email, breaking company policies, or even accidentally sending sensitive company data to the wrong person.
Detect insider threats
Insider threats are currently difficult to detect because typical threat detection tools are designed to detect external attacks.
“They are made to look for things from outside,” said Joseph Blankenship, vice president, director of research at Forrester Research. “They’re not necessarily made to examine insider threats.”
Organizations can use analytic tools that detect changes in user behavior, however. For example, companies might want to be careful if employees are accessing and downloading huge amounts of data that they don’t need to do their job, Blankenship said.
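The kind of behavioral check described above can be sketched as follows. This is an added example, not code from the article or from any vendor it mentions; the user names, dates and byte counts are constructed, and the thresholds are assumptions to tune per environment. It compares each user's daily download volume with that user's own history rather than a single global limit.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: daily download volume in MB per (hypothetical) user.
SAMPLE_MB = {
    "alice": [120, 90, 150, 110, 130, 100, 9000],       # sudden spike on day 7
    "bob": [2500, 2800, 2600, 3000, 2700, 2900, 3100],  # heavy but steady
    "carol": [50, 60, 8000],                            # too little history
}
EVENTS = [(user, f"2024-03-{day:02d}", mb * 1_000_000)
          for user, series in SAMPLE_MB.items()
          for day, mb in enumerate(series, start=1)]

def flag_download_spikes(events, k=6.0, min_history=5, floor=500_000_000):
    """Return (user, day, bytes, baseline) for days far above a user's own norm.

    baseline = median of the user's earlier days; spread = median absolute
    deviation, never less than 10% of the baseline so a very regular user
    does not alert on small changes. `floor` ignores trivially small volumes.
    """
    per_user = defaultdict(list)
    for user, day, nbytes in sorted(events):
        per_user[user].append((day, nbytes))
    alerts = []
    for user, days in per_user.items():
        for i, (day, nbytes) in enumerate(days):
            history = [b for _, b in days[:i]]
            if len(history) < min_history:
                continue  # no reliable baseline yet; handle new users separately
            baseline = median(history)
            mad = median(abs(b - baseline) for b in history)
            spread = max(mad, 0.10 * baseline)
            if nbytes > floor and nbytes > baseline + k * spread:
                alerts.append((user, day, nbytes, baseline))
    return alerts

if __name__ == "__main__":
    for user, day, nbytes, baseline in flag_download_spikes(EVENTS):
        print(f"{day} {user}: {nbytes / 1e6:.0f} MB vs baseline {baseline / 1e6:.0f} MB")
```

Bob moves far more data than Alice every day and is not flagged, because the comparison is against his own baseline; Carol's large transfer is skipped only because she has too little history, which is why new accounts need a separate rule such as a peer-group baseline.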
Additionally, vendors are beginning to offer tools specifically designed to detect insider threats.
“For example, Code42 has a tool specifically designed for insider threats,” Blankenship said. “And now you’re starting to see these tools designed for that start looking at how insider threats are different from other threats.”
Protect your data from insider threats
Insider threats have increased by 44% over the past two years, while the cost per insider threat incident has increased by a third since 2020 to $15.38 million, according to the Ponemon Institute’s 2022 Global Report on the Cost of Insider Threats.
Ponemon reports that 67% of organizations experienced between 21 and 40 incidents per year, up from 60% in 2020. The report also notes that it now takes organizations longer to contain insider threats than in 2020, with the number of days rising from 77 to 85.
Therefore, it is essential that businesses take steps to protect their systems and data against these threats.
Here are some tips to help you achieve this.
Develop/revise your security strategy
Companies should start by developing their security policies, or reviewing them if they already exist, to identify and address security vulnerabilities.
“Clearly identify your risks and vulnerabilities—as well as the technologies, policies and procedures needed to mitigate them,” said Dominique Birolin, vice president of cybersecurity and compliance at Strive Consulting, a division of Planet Group. “Next, create a roadmap to implement the missing mitigation components and the metrics you’ll use to determine how well they work.”
Organizations’ strategic plans should also ensure that employees are both properly qualified and available to implement necessary security precautions to respond quickly to insider threats, Birolin said.
Apply the principle of least privilege
Companies should only give people access to the systems and data they need to do their job. Therefore, one of the most important steps, but also one of the most difficult to implement, is the principle of least privilege.
“We don’t necessarily want to give them carte blanche access,” Blankenship said.
To this end, organizations must thoroughly screen employees, contractors, and vendors before allowing them access to their data and systems.
“It’s about making sure the level of access is only what they need and nothing more,” said Justin Blackburn, threat detection engineer at AppOmni, a security software-as-a-service provider. “[It’s] also using role-based access controls and security group roles and proactively monitoring and auditing these to ensure that people have not been inadvertently granted access to resources to which they should not have access.”
“Rigorous permission and access management is essential and should include forms of multi-factor authentication,” added Timothy Morris, chief security adviser at Tanium, a cybersecurity and systems management company. “Approval processes should include due diligence before granting access, with withdrawal when no longer needed.”
Integrate anti-phishing modalities into daily routine
To protect against insider threats, organizations and their employees need to make security part of their daily routines, for example by preventing phishing attacks.
“Everyone has a level of responsibility in fighting phishing attacks,” said Jamie Moles, senior technical marketing manager at cybersecurity firm ExtraHop. “Positive reinforcement, ongoing training, and strong feedback loops are all key to making it stick.”
Phishing continues to be a key method hackers use to target employees, creating unwitting insider threats, he said.
“Today, threat actors target employees through sophisticated intelligence gathering, identifying people and positions to ensure they send ‘credible’ emails with lines of subject matter and relevant attachments,” Moles said. “These phishing emails can be almost impossible to identify as hoaxes.”
To that end, organizations need to think about how their technologies support their outreach and education efforts.
“IT managers should have a plan and tools in place to support mid-game intrusion detection, before [threat actors] are capable of exfiltrating or encrypting critical data,” Moles said.
For example, Moles said, companies should train every employee to:
- Check the sender’s email address. “It’s often an easy red flag that users miss when they’re in a hurry or it looks like the note is coming from their boss or CEO,” Moles said.
- Check the links. “Hover over the link to see the full URL, or better yet, Google the item to access the linked item for yourself,” Moles said.
- Verify via different methods to determine the legitimacy of an email. “If the legitimacy of an email is suspect, contact the sender directly through another channel [or] a new email, or visit the company website or social media to connect directly,” Moles said.
Disable access for departing employees
When employees leave, organizations should immediately disable those employees’ access to systems and data. The same applies to suppliers and/or business partners when these partnerships end.
However, when it comes to employee departures, this is not quite enough.
“I think savvy companies also need to have processes in place that allow them to add another level of control and oversight over these employees,” said Terry Ray, Senior Vice President of GTM Data Security and Field Technical Director at Imperva, a cybersecurity software and services company. “Maybe when they give their two weeks’ notice, they are placed in a high-risk group and someone is tasked with monitoring their activity every day to understand every file or database they access.”
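The two offboarding controls in this section, disabling access at departure and reviewing daily activity during the notice period, can be combined in one review job. The following is an added example, not code from the article or from Imperva; the HR roster, account list, log entries and resource names are all constructed.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data (hypothetical users and resources).
HR = {  # user -> (date notice was given, last working day)
    "dana": (date(2024, 5, 1), date(2024, 5, 15)),
    "eli": (date(2024, 4, 1), date(2024, 4, 12)),
}
ACCOUNTS = {"dana": True, "eli": True, "fay": True}  # user -> account enabled?
ACCESS_LOG = [  # (day, user, resource)
    (date(2024, 4, 30), "dana", "wiki/onboarding"),
    (date(2024, 5, 2), "dana", "crm/customers.db"),
    (date(2024, 5, 2), "dana", "share/pricing.xlsx"),
    (date(2024, 5, 3), "dana", "crm/customers.db"),
    (date(2024, 4, 20), "eli", "git/payments-service"),
    (date(2024, 5, 2), "fay", "crm/customers.db"),
]

def offboarding_review(hr, accounts, log, today):
    """Return (stale_accounts, notice_period_activity, post_departure_access).

    stale_accounts: departed users whose account is still enabled.
    notice_period_activity: {(user, day): [resources]} between notice and last day.
    post_departure_access: log entries dated after the user's last day.
    """
    stale = sorted(user for user, (_, last_day) in hr.items()
                   if today > last_day and accounts.get(user, False))
    activity = defaultdict(set)
    post_departure = []
    for day, user, resource in log:
        if user not in hr:
            continue  # not a leaver; covered by normal monitoring
        notice, last_day = hr[user]
        if day > last_day:
            post_departure.append((day, user, resource))
        elif day >= notice:
            activity[(user, day)].add(resource)
    daily = {key: sorted(res) for key, res in sorted(activity.items())}
    return stale, daily, post_departure

if __name__ == "__main__":
    stale, daily, late = offboarding_review(HR, ACCOUNTS, ACCESS_LOG, date(2024, 5, 3))
    print("still enabled after last day:", stale)
    for (user, day), resources in daily.items():
        print(f"notice period {day} {user}: {resources}")
    print("access after departure:", late)
```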