Insider Threats: The Enemy Within
The Hollywood portrayal of a hacker is a mysterious hooded figure sitting in a dark room, furiously tapping away at a keyboard in search of a back door into an organization’s system. However, the real enemy may be sitting in a brightly lit cubicle right outside the CEO’s office. Insider threats pose just as much danger to organizations as outside hackers. According to a research study by Intel, 43% of data losses happen due to the actions of “internal actors.” About half are unintentional accidents or carelessness, while the other half comprise purposeful malicious activity.
Security researcher Brian Krebs reports that some organizations are paying security firms or partnering with law enforcement to monitor the Darknet, a hidden online underworld that can only be accessed using special software that hides users’ identities and locations, in an attempt to stop disgruntled employees from selling privileged company information such as high-level system credentials. However, by the time an inside actor is snagged trying to strike a deal on the Darknet, the damage has already been done. Additionally, this monitoring does nothing to address the insider threats from carelessness, negligence, or a simple lack of cyber security awareness.
Continuum GRC recommends that organizations take the following proactive measures to protect themselves against insider threats:
Have a written acceptable use policy.
A written acceptable use policy is a very basic step that many organizations overlook. It is imperative that specific rules are established regarding the acceptable use of company hardware, software, and network access. The policy should be in writing and signed by every employee. While a written policy won’t stop insider threats due to malicious acts, it will provide leverage for a company to take disciplinary action against an employee who violates the policy.
Establish user behavior baselines and monitor your network for deviations.
The “human factor” in preventing insider threats only goes so far. Technical defenses are also necessary, including 24/7 monitoring of your organization’s system. Baseline patterns should be established for each user, and any changes in user behavior, such as a user logging into the system from an unusual location or attempting to access a part of the system they don’t need to do their job, should be flagged and investigated.
Restrict system access as appropriate.
No employee should have a higher level of access to the organization’s system than they need to do their job. A salesperson has no need to access employee tax and salary data. Employees in the human resources department wouldn’t normally need to access the billing system. Limiting system access not only protects against malicious insiders but also prevents hackers from obtaining the “keys to the kingdom” should they manage to steal credentials from a lower-access employee.
The cyber security experts at Continuum GRC have deep knowledge of the cyber security field, are continually monitoring the latest information security threats, and are committed to protecting your organization from internal threats and external security breaches. Continuum GRC offers full-service and in-house risk assessment and risk management subscriptions, and we help companies all around the world sustain proactive cyber security programs.
Continuum GRC is proactive cyber security®. Call 1-888-896-6207 to discuss your organization’s cyber security needs and find out how we can help your organization protect against insider threats.