How To Protect Your Business Against Insider Threats – The Essential Guide Part 2Anirban Banerjee
In the first part of our essential guide we looked at the importance of using cross-departmental teams, and HR in particular, to combat insider threats, as well as the key role physical security can play in protecting business assets.
Five More Essential Tips For Protecting Against Insider Threats
Missed part one? You can read it here. Up-do-date? Let’s look at some more essential tips for ensuring insider security:
4. Consider Threats Across Your Entire Supply Chain
An insider can be anyone who has access to your network or data and isn’t limited to your employees. Businesses are increasingly using contractors and forming close partnerships with other companies, opening whole new avenues for an insider attack. These, and other business associates, are a growing risk, especially because most will need some level of network access to perform their role adequately.
Businesses must find a balance between quick onboarding and an appropriate level of security to reduce risk. Just as vitally, businesses must maintain a solid offboarding process, removing access to data once it is no longer needed. Many recent insider threats have been caused by former employees or contractors whose access privileges have not been revoked months, or even years after they left.
Security should also be a factor when choosing businesses to partner with. How safe are their systems? What safeguards do they have in place? Your security may be tight, but infiltrating a business you partner with may give a malicious individual the opportunity to damage your organization or steal your data.
- Perform background checks and security checks on contractors, consultants, and business partners as you would on your own
- Put processes in place to ensure secure onboarding and offboarding.
- Non-disclosure and confidentiality agreements will help you start the legal process in the event of a problem and discourage malicious individuals.
- During a merger, perform checks on acquired employees as if they were in your hiring process.
5. Catalog and Risk Assess Your Most Critical Assets
With so many potential threats, securing your organization against insiders can seem like an impossible task, particularly for smaller businesses with fewer resources. Cataloging and risk assessing your critical assets is an essential task for any business and can help smaller ones focus on the biggest risks to their organization.
Your most critical assets are those that if stolen or destroyed would have the biggest negative impact on your business’s ability to carry out essential functions. For most typical businesses, this is customer data or intellectual property such as proprietary software or processes.
- Catalog your critical assets and the people who have access to them.
- Assign a risk level to each one according to how critical it is.
- Assign resources as appropriate to provide the business with the best possible protection (prioritizing if insufficient resources).
- Perform ongoing monitoring of your assets, adjusting risk level as necessary.
- Use your risk assessment to guide future spending on security.
6. Provide Regular Training For Employees
Often when we discuss insider threats, it can make it sounds like every employee is a potential threat. While that is theoretically true, the clear majority of employees want your business to succeed and would not dream of hurting the business – although they still might do so accidentally.
Providing high-quality insider threat security training for your employees is one of the best ways to reduce your risk and help employees protect the business they work for. Not only will accidental threats – which make up almost half of all insider threats – be reduced, but you’ll also have your regular employees trained to watch for signs of malicious insiders. Anyone in your organization considering an inside attack may also think twice when they see how serious your business is about protecting its assets.
Although it is unlikely that an employee will witness an insider attack first-hand, they may spot behavior that indicates an increased risk – an employee intentionally flouting security procedures, bragging about the data they could steal, or inappropriately using business resources to their own end.
- Start training employees to spot insider attacks (including accidental ones).
- Educate employees about the financial and legal risks that insider threats pose.
- If resources are slim, prioritize teams with access to your critical assets, such as Finance.
- Create a security culture by beginning training during the onboarding process.
- Establish procedures for anonymous whistle-blowing.
7. Enforce Privileged Account Best Practice
A large proportion of hacks stem from a malicious individual gaining access to a genuine privileged account, which gives them access to some of your most sensitive information. In the case of an insider attack, that individual either already has their own account, and chooses to misuse it, or gains access to a co-worker’s account. When an outsider accesses one of these privileged accounts the attack essentially becomes an inside attack – they are using your own tools and systems to fulfill their own objectives.
The solution to both these cases is diligent management of your privileged accounts. It is not uncommon for a business to have far more privileged accounts than necessary, many of them of no use. Often executives and other senior personnel are given privileged accounts despite not ever needing them in their daily job. When asked, many businesses may not even be unable to identify all their accounts.
Privilege creep is another serious issue: when a long-term employee picks up more and more privileges as they move around the organization, without losing those that are no longer relevant. Should these employees become malicious, the damage they can do is significant because of their broad access to your systems.
Unless these accounts are identified, controlled, and tracked they could be used at any time to access, steal, or destroy your business’s most critical data.
- Use PAM software to track all your privileged accounts.
- Regularly audit accounts and remove privileges when no longer needed.
- Give new users the least privileges necessary to perform their role.
- Monitor privileged accounts for unusual behavior.
8. Monitor and Compare Behavior Against “Normal”
Insider threats abuse their everyday workplace privileges in ways they shouldn’t and wouldn’t normally if they are just doing their job. By tracking behavior, particularly of digital accounts, and establishing a “normal” pattern, system admins can spot and investigate unusual behavior.
With the right software, this isn’t hard. You can track how each device and user interacts with others, establish a pattern, and then spot anomalies. During a normal period of work a workstation will interact with only a few other devices – domain controller, print server, email server, etc. – and users will be using a select few devices, from specific locations, at quite regular times.
But logging this information is not enough: you need to use it in real-time. By the time you’ve analyzed the data, the individual concerned could have caused significant damage. This is possible with the latest technology, utilizing machine learning to make automatic decisions to block or limit access for users according to circumstance and predefined rules.
For example, a contractor may be automatically blocked from accessing all but the most basic of services when connecting from outside the office, or at a time outside their normal work hours. This granular access management is the best way to maximize both security and usability for your system.
- Use granular access management to govern access to your system.
- Fine-tune access according to individual roles, locations, and more so that unusual behavior is flagged and blocked.
- Track behavior for evidence in legal and disciplinary proceedings.
Too much to handle? Onion ID Will Protect Your Infrastructure in 60 Seconds
There’s a wealth of insider threats out there, far too much to handle manually. Onion ID has been created for IT managers who need full control and visibility without the hassle. Businesses can manage privileges easily, with users automatically granted access to essential applications according to their location, role, and biometric information, but blocked from more valuable data.
- Easily manage privileges on SaaS applications and servers.
- Real-time visibility of your user’s behavior.
- Zero-hassle biometric and 2-factor authentication.
- Automated auditing for SOX, PCI, HIPAA and more.
- No installation
Also published on Medium.