Is Your Organization at Risk from Insider Threats?James Evans
The stark reality of IT security today is that insider threats, from members of your organization, are just as potent a threat as those from outside. We don’t like to consider the fact that our employees may be maliciously using business data for their own ends, but ignoring this fact leaves your business vulnerable.
According to recent research[i], 62% of security professionals saw the amount of insider attacks they experience increase over the last year. The average frequency of these attacks was 3.8 incidents per business, but 45% of respondents didn’t even know how regularly these attacks were occurring. Businesses must learn to recognize and prevent insider attacks to safeguard their business.
What is an Insider Threat?
Not every insider threat is the same. There is an important distinction between malicious individuals and those who cause damage to the business through negligence. Both can be damaging, but defending against them both requires a broad security strategy, encompassing both IT security and the promotion of the right business culture.
It is also important to remember that an insider threat is from someone who has privileged access to your system and information, which is a wider scope than just your employees. The threat could be from a contractor, or even someone who previously worked for the company but has now left without having their access revoked.
Insider Threat: Negligence
The threat of negligent individuals comes in many forms:
- The employee who never bothers to read corporate security policies, so has no idea that their current email practices are unsafe.
- The employee who has their corporate laptop stolen but doesn’t report it for a week because they’re on holiday.
- The employee who uses the same, short passwords for their business accounts as they do for their personal accounts.
- The employee who frequently leaves their laptop logged on and unattended.
- The employee who talks about confidential business information in pubic settings.
For many of these situations, the fault is not with the policies and procedures, or even with technical security considerations, but instead is predominantly a cultural problem.
Insider Threat: Malicious
Malicious insider threats include employees and contractors that are purposefully trying to steal data for personal gain, or as an act of revenge for a perceived slight:
- The individual who steals intellectual property to sell to a competitor.
- The individual who leaks confidential customer information.
- The individual who commits fraud for personal gain.
- The individual who steals their business laptop when they leave the company.
According to a survey produced by Cisco[ii], an incredible 11% of employees said that either they or a colleague had either stolen a device, or stolen data to sell for a profit.
Because these individuals are actively trying to commit a crime, they can be harder to identify, but with the right controls, it is possible.
How Can You Reduce Your Risk?
If insider threats are as prevalent as the surveys indicate, your organization is at risk, regardless of its size.
So what steps can you take to limit this risk?
Ensure Security Policies Are Easily Understandable
The greatest threats to your business’s security come not from your IT team but from your other workers. Your security policies must be explained in language that they understand, with the consequences that both the business and the employee experience clearly explained.
A large portion of these security threats come from individuals who are simply not aware of the dangers of their actions. Clear training can resolve most bad behaviour before it becomes financially damaging.
Of course, once you’ve recommunicated your security policies, you need to ensure that they are appropriately enforced. Unfortunately, some employees won’t consider security a high priority unless there are consequences!
Make Security Part of Your Company Culture
In many businesses, a request for employees to put additional security practices in place can make individuals feel like they’re being asked to go above and beyond their job remit.
This simply isn’t true, and you must ensure they know that.
Build security into your business culture and make every employee aware that the security of the business and its data is a part of their role, regardless of whether they’re in the finance team, HR department, or a sales team.
Perform Ongoing Risk Management
Insider security risks fluctuate, not only as you bring on more staff or contractors, but also as you start using different software or change procedures. Certain changes in your systems and processes may make it easier for employees to leak data, on purpose or otherwise.
This fact must be represented in your planning and taken into account during every decision-making process that could indirectly affect the security of your business.
Use Appropriate Security Software to Track & Analyze Employee Behaviour
Without the right tools, trying to maintain your security can be a nightmare. To help protect against insider threats you should be able to perform the following tasks:
- Manage access levels of your employees according to company policies to ensure that individuals can only access data appropriate to their position.
- Track the websites and applications your employees are using in real-time, and flag up inappropriate or risky behaviour.
- Deactivate access for endpoints that have been lost or stolen, ensuring that sensitive data can’t be stolen along with the machine.
- Granular access management means you can create rules to govern access. For example, you could block or reduce access from certain locations, or during certain times, even if the user’s authentication is correct. This can stop suspicious activity, and help prevent access using a stolen identity.
- Record actions taken by employees on your servers so you can trace suspicious behaviour and put a stop to it.
OnionID gives you a complete picture of how your employees are interacting with your data. Alongside appropriate cultural strategies, OnionID can help you detect and prevent insider threats.
Do you want to know more about securing your IT infrastructure? Sign up to the OnionID newsletter today. You can also start protecting your organization today, with a FREE OnionID trial.
[i] SpectorSoft – Insider Threat Spotlight Report – http://www.spectorsoft.com/resources/infographics/insider-threat-spotlight-report/index.html?UK=true&
[ii] Cisco – Data Leakage Worldwide White Paper: The High Cost of Insider Threats – http://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/data-loss-prevention/white_paper_c11-506224.html