Achieving Organizational Preparedness for Insider Threats
Does it feel like everywhere you turn, you’re hearing about another cybersecurity incident? Another business, perhaps even in your industry, has fallen victim to a scam. Another threat to prepare for?
This article is another warning – but don’t let that stop you from reading on.
It’s true that cybercrime is on the rise, with a projected value of $10.5 trillion by 2025. Cybercriminals are growing more cunning, developing innovative ways to exploit weaknesses, breach network and app security, or even use end users as pawns to get what they want: oftentimes, your valuable data.
But it’s not only those making a career in deception that you need to worry about. Sometimes, the threats hit a little closer to home.
Unlike phishing scams and distributed denial of service (DDoS) attacks, insider threats arise within your organization. These threats are perpetrated by trusted end users such as employees, contractors, vendors, partners, or service providers. Insider threat incidents may be:
Unintentional threats due to human error or negligence. These non-malicious incidents can occur through phishing, social engineering, accidental disclosure, lost/stolen data or devices, improper disposal of data/devices, or naivety, such as trusting links or message requests to perform a function.
Malicious attacks by those who knowingly commit a cybercrime. Malicious attacks include data, device, or intellectual property theft, IT sabotage, and fraud. Employees – current or exiting/former – may execute these schemes for various reasons. They may steal IP to further their career, steal data (such as financial or end user details) to sell on the dark web, or seek revenge by sabotaging your organization. They may work alone, collaborate with other insiders, or be coerced by people outside your network.
Understanding insider threats is the first step to achieving organizational preparedness to avoid falling victim.
Keys to Organizational Preparedness for Insider Threats
It’s not all doom and gloom, and “trust no one” is more a preventative measure than a tin-foil-hat concept. The suggestion is not to move throughout your organization assuming the worst of everyone, but to build in tools and awareness to keep a keen eye out for signs of insider threats.
Manage Third-party End Users
Sometimes, organizations are so focused on securing their network and endpoints that they forget about the peripheral danger: third parties. Contractors, vendors, suppliers, and service providers can also pose a cyber risk. These users all have access to your network and data to varying degrees, depending on the nature of their role or relationship with your company. To mitigate risk, it’s crucial to ensure these users have only the access they need, their activity is monitored, and their accounts are swiftly offboarded when they are no longer needed.
Employees leave for any number of reasons. Sometimes it’s amicable, like taking a job offer they can’t refuse, taking time off to spend with their family, or retirement. Sometimes it’s less cordial, such as termination or friction with management. Unfortunately, even the smoothest departures can result in insider incidents.
Departing employees may take data with them for a leg up in their new role. They may promise intellectual property to gain a competitive edge for themselves or their employer. Or, they may sabotage your systems or data on their way out. Regardless of their motivation, exiting employees pose a risk.
Ensure you offboard accounts as soon as possible when employees depart. If the employee has given notice, watch their network activity in the days or weeks leading up to their departure for any unusual movements. Hold exit interviews, where possible, and ensure you clarify to these employees what qualifies as illegal or risky behavior and that they understand there may be consequences.
Use Behavioral Analytics
Many insider threats can be indicated by unusual network activity. Behavioral analytics will monitor and alert you to any distinctive activity, such as large file downloads or uploads, credential abuse, or unusual access patterns. These tools track, collect, and analyze end-user data to spot outliers and, hopefully, mitigate risk before it becomes an incident.
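The outlier check described above, sketched as an added example (not code from this article or from any product): each user's daily transfer volume is scored against that user's own earlier days using the median and median absolute deviation, and users who have given notice get a tighter alert threshold. The record layout, user names, thresholds, and the ON_NOTICE set are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from statistics import median

MB = 1_000_000
# Constructed sample records: (user, ISO date, bytes downloaded/uploaded that day).
EVENTS = [
    ("alice", "2024-03-01", 40 * MB), ("alice", "2024-03-04", 55 * MB),
    ("alice", "2024-03-05", 48 * MB), ("alice", "2024-03-06", 52 * MB),
    ("alice", "2024-03-07", 45 * MB), ("alice", "2024-03-08", 900 * MB),
    ("bob", "2024-03-01", 300 * MB), ("bob", "2024-03-04", 340 * MB),
    ("bob", "2024-03-05", 310 * MB), ("bob", "2024-03-06", 295 * MB),
    ("bob", "2024-03-07", 330 * MB), ("bob", "2024-03-08", 420 * MB),
]
ON_NOTICE = {"bob"}  # hypothetical: users who have given notice


def robust_score(value, history):
    """Distance of value above the user's own median, in scaled MAD units."""
    med = median(history)
    # MAD resists being skewed by one earlier spike; fall back to 1 byte
    # so a perfectly flat history does not divide by zero.
    mad = median(abs(x - med) for x in history) or 1
    return (value - med) / (1.4826 * mad)


def find_outliers(events, on_notice=frozenset(), threshold=6.0,
                  notice_threshold=3.0, min_history=5):
    """Return (user, day, score) for days far above the user's baseline."""
    history = defaultdict(list)
    alerts = []
    # ISO dates sort chronologically, so each day sees only earlier days.
    for user, day, nbytes in sorted(events, key=lambda e: (e[0], e[1])):
        past = history[user]
        if len(past) >= min_history:  # no alerts until a baseline exists
            score = robust_score(nbytes, past)
            limit = notice_threshold if user in on_notice else threshold
            if score > limit:
                alerts.append((user, day, round(score, 1)))
        past.append(nbytes)
    return alerts


if __name__ == "__main__":
    for user, day, score in find_outliers(EVENTS, ON_NOTICE):
        print(f"{day} {user}: transfer volume {score} deviations above baseline")
```

With the default threshold only the 900 MB day stands out; the 420 MB day is flagged solely because that user is in the notice-period set, which is how a baseline per user avoids alerting on people whose normal work already involves large transfers.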
Create a Risk-aware Culture
Human employees can be your greatest asset and your greatest liability. Negligence or naivety can cost your organization dearly, and it can be easily avoided. Address human error proactively by conducting ongoing training and creating a risk-aware culture.
A risk-aware culture has cyber risk woven into its lexicon. Starting with onboarding and all the way through, employees should be accustomed to hearing, talking, and learning about the risks that may affect them, their team, and the organization.
Conduct regular insider threat awareness training to highlight the risk of human error and negligence, and to shine a light on malicious risky behavior. After all, your employees can also be whistleblowers and should know when to report suspicious activity. Employees should also know who to contact if they make a mistake, understanding that things may happen no matter how careful they are. Of primary importance is to react and resolve the issue quickly.
About the Author
Stefanie Shank. Having spent her career in various capacities and industries under the “high tech” umbrella, Stefanie is passionate about the trends, challenges, solutions, and stories of existing and emerging technologies. A storyteller at heart, she considers herself one of the lucky ones: someone who gets to make a living doing what she loves. Stefanie is a regular writer at Bora.
Disclaimer: The author is completely responsible for the content of this article. The opinions expressed are their own and do not represent IEEE’s position nor that of the Computer Society nor its Leadership.