Insider Threats and Their Importance

Firms around the globe are now confirming that insider threats are a growing occurrence. While this comes as a surprise to few, the lack of focus on this issue seems to be shared by more IT professionals than expected. As enterprise-level change is initiated, it is common for firms to evaluate threats from external sources first, then from within. While the order of priority in security deployment is negotiable, the most dangerous sort of attacker may already have access to your systems. A new era of insider threats includes negligent or malicious employees, contractors and affiliates. The greater the number of firms involved with the improvement of an enterprise’s systems security, the greater the risk of insider threats.
Insider threats often go unnoticed, with as much as 70% of attacks going unchecked. Although this number may seem high, the general complexity of systems makes this a growing problem. Without proper detection tools, an organization may have lost proprietary data without becoming aware of it. To prevent this situation, non-technical companies contract technical firms to handle their systems security. The cost incurred through the contracting of IT services far outweighs the cost related to recovering a damaged client relationship. Current market leaders have an expectation of technological excellence, which improves business as a whole.

How Insider Threats Emerge

The most common instance of an insider threat is that of a negligent employee committing a genuine error with unintended consequences. Although your staff may possess the highest of ethical standards, a system of checks (i.e. a security policy) must be implemented to avoid instances of data loss. The high role ambiguity amongst technical players within startups can also pose a problem, as these tech-savvy actors tend to access areas of the infrastructure without the privileges to do so. Through the defining of roles and implementation of security policies, most negligence can be avoided altogether.

The more obvious of insider threats, malicious employees, are the technical employees of an organization who have decided to cause damage to their firm’s resources as a means of retribution. While it is inherently difficult to point out potentially malicious employees, focusing on preventative measures is a much more effective procedure than evaluating developer activities post-occurrence. The easiest way for an organization to do this is to develop the system’s architecture in a way that limits an individual’s visibility, thereby reducing their ability to do damage.

Many businesses rely upon data to operate. Whether it’s a patient’s medical history or a client’s property assessment reports, the loss or distribution of this information can be catastrophic. The key to maintaining full control of this information lies with the system administrators in charge of client data. Typical service level agreements (SLAs) from data-centric companies should include how they intend to protect client data. This step may seem trivial to many businesses; however, it remains a key part in the consideration of prospective business partners.

Detecting Insider Incidents

Once an organization has done its part to put the proper procedures in place to prevent as many threats as possible, the ability for admins to detect threats becomes equally important. Without the ability to detect potential incidents, admins lose the ability to understand what sort of systems, namely data-based, may have been compromised. Internal audits are a fantastic start to increasing awareness, as frequent reviews provide a more complete overview of your system. Complete, 24/7 monitoring is a worthwhile expenditure for any business that relies upon its systems, yet seldom receives the funding necessary to be implemented effectively. Tools available to organizations for reducing their exposure include application whitelisting, inbound and outbound proxies, and User Activity Monitoring (UAM), among others. The use of these tools increases your organization’s ability to identify threats as they become relevant.

Data

After creating a system of privileges to reduce the total number of individuals with the ability to access your organization’s data, the next logical step is integrating tools which allow for the analysis of data flow. By detecting anomalies in data transfer, an administrator may cease operations and evaluate whether malicious data transfers are underway. Although typical infrastructures support a very minimal amount of employee data, a true concern may be voiced for client data, as it poses a major point of weakness for infiltration. The value of an organization’s database may be evaluated on a case-by-case basis; however, the same basic principles apply. The majority or total loss of a business’s database will be catastrophic to its operations.
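The data-transfer anomaly check described above, as an added example that is not part of the original article: each user's outbound volume for a day is scored against that user's own history with a median/MAD (modified z-score) test. The log format, user names, byte counts and thresholds are constructed assumptions.

```python
import statistics
from collections import defaultdict

# Constructed sample of outbound-proxy records: "date user bytes_out".
SAMPLE_LOG = """\
2016-05-02 alice 120000000
2016-05-02 bob 80000000
2016-05-03 alice 135000000
2016-05-03 bob 82000000
2016-05-04 alice 110000000
2016-05-04 bob 79000000
2016-05-05 alice 128000000
2016-05-05 bob 81000000
2016-05-06 alice 125000000
2016-05-06 bob 4200000000
2016-05-06 carol 900000000
"""
MIN_HISTORY = 4   # assumption: days of baseline required before scoring
THRESHOLD = 3.5   # commonly used cut-off for the modified z-score

def daily_totals(log_text):
    """Sum bytes_out per user per day, skipping malformed lines."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        day, user, size = parts
        totals[user][day] += int(size)
    return totals

def flag_anomalies(log_text, today):
    """Return {user: reason} for users whose volume today needs review."""
    flagged = {}
    for user, days in daily_totals(log_text).items():
        if today not in days:
            continue
        history = [v for d, v in days.items() if d < today]  # ISO dates sort as text
        if len(history) < MIN_HISTORY:
            flagged[user] = "no baseline"  # new or rarely seen account moving data
            continue
        med = statistics.median(history)
        mad = statistics.median(abs(v - med) for v in history)
        scale = mad or max(med * 0.01, 1)  # constant history gives MAD 0
        score = 0.6745 * (days[today] - med) / scale
        if score > THRESHOLD:
            flagged[user] = f"score {score:.1f}"
    return flagged
```

Scoring each user against their own history keeps a heavy but consistent user such as `alice` quiet while a sudden jump such as `bob`'s is surfaced for review.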

Focusing on Insider Threats Pays Dividends

The last sort of assessment any team wants to deliver is that of post-incident damage. Many incidents go completely unnoticed, reducing the ability to assess the total damage and recovery needed after an event. Enabling key decision makers to accurately report on and assess their data increases the effectiveness of an incident response plan. By implementing both preventative and detection-based measures, your organization reduces the likelihood of an insider incident and the negative implications associated with the loss or manipulation of data. Addressing insider threats is important to both your customers and employees. Demonstrating the need for funding in the area of insider threats is tough, especially to non-technical executives. This difficulty grows under the belief that their organization is immune to these sorts of attacks. Gathering support for focusing resources may be done through the citation of past attacks other companies have experienced and how similar, theoretical attacks would impact your operations.

The financial impact of an insider attack involves the costs associated with the repair of systems and recovery of data. The loss of current and future business after an attack should also be considered when valuing the cost of preventative measures. By proactively spending on infrastructure security, an organization can avoid the expensive nature of basic insider threats, reducing infrastructure costs as a whole. Evaluating the cost of a potential insider threat is impractical, as numerous types of threats lend themselves to an unlimited amount of damage.


