Defence is the Best Offence in Fighting Insider Threats

By Jackson Shaw, Vice President, Product Management at One Identity

External hackers are a constant threat for all organisations when it comes to cybersecurity. Global ransomware attacks such as WannaCry and NotPetya that took place last year demonstrated the devastating effects external attacks can have on an organisation. More recently, hackers stole usernames, email addresses and scrambled passwords from 150 million MyFitnessPal app users. Even with the prominence and publicity surrounding these breaches, some of today’s most damaging cybersecurity threats are not from malicious external threats or malware. They are coming from threats inside organisations.

Insider attacks can be just as damaging (if not more damaging) to an organisation as an external attack, and many organisations are already aware of the threats that malicious insider attacks or accidental breaches pose. In fact, a majority of organisations have already experienced an insider attack over the past year. As a result, insider threats have become a huge priority for organisations and their cybersecurity strategy, with nearly two-thirds of organisations indicating that they are shifting focus to insider threat detection this year, according to the Insider Threat 2018 Report.

Understanding an Insider Threat

Insider threats are often overlooked because they come from a trusted source. The trusted insider, usually an employee, roams freely within the walls of the network with little oversight or accountability. Oftentimes organisations are vulnerable to insider threats because too many users and devices have administrative access to sensitive data such as employee directories, databases and file shares.

Businesses frequently make the mistake of giving employees access to more data than they need to perform their tasks. Protected data and intellectual property lie within a keystroke of anyone with the right access, putting an organisation at risk every second of every day. A user who shouldn’t have access to this protected data, or who has appropriate access that is shared and unchecked, places an unnecessary security risk on an entire organisation. Ensuring users only have access to the systems and capabilities that they need will reduce the risk of an insider threat.

Insider threats come in many shapes and sizes. Maybe you are dealing with an intentionally malicious employee who is upset with the recent actions of the organisation. Perhaps a disgruntled ex-employee still has access to the back-end of a network or system. These insider threats can be just as damaging as an external party targeting an organisation, especially if organisations are not prepared.

Many times, the insider threat arises from accidental human error. A privileged user makes a change (often by accident) that causes an unexpected change to a network or opens security gaps that invite external sources to infiltrate a usually secure system. It may be that nothing catastrophic happens at the time of the mistake; however, months or even years down the road this can lead to data loss or compliance risk.

If offence wins games, defence wins championships

In order to overcome insider risks, businesses can implement a number of solutions and tactics, including deterrence methods, analysis and post-breach forensics, to mitigate risk. Proactive organisations have started utilising user behaviour monitoring. Organisations can deploy some method of monitoring employees’ access to sensitive data. Knowing what employees are doing on workplace networks, and who has access to what data, is an important step to protect against insider threats. With this data, behaviour that deviates from the norm can provide an early warning of malicious activity.
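The idea of flagging behaviour that deviates from the norm can be sketched as a per-user baseline check over access logs. This is an added example, not code from the article or from One Identity; the log format, user and resource names, and the threshold k are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: (day, user, resource, records_read).
# Days 1-5 are the baseline window; day 6 is the day under review.
ACCESS_LOG = [
    (1, "alice", "crm", 40), (2, "alice", "crm", 55), (3, "alice", "crm", 45),
    (4, "alice", "crm", 50), (5, "alice", "crm", 60),
    (1, "bob", "file_share", 20), (2, "bob", "file_share", 25), (3, "bob", "file_share", 15),
    (4, "bob", "file_share", 20), (5, "bob", "file_share", 20),
    (6, "alice", "crm", 52),               # normal day
    (6, "bob", "file_share", 400),         # volume spike
    (6, "bob", "employee_directory", 30),  # resource never touched before
]

def build_baseline(events, last_day):
    """Per user: resources seen and total records read per day, up to last_day."""
    seen = defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))
    for day, user, resource, count in events:
        if day <= last_day:
            seen[user].add(resource)
            daily[user][day] += count
    return {u: (seen[u], list(daily[u].values())) for u in seen}

def detect(events, day, baseline, k=3.0):
    """Return sorted (user, reason) alerts for activity on `day`."""
    alerts = set()
    totals = defaultdict(int)
    for d, user, resource, count in events:
        if d != day:
            continue
        totals[user] += count
        resources, _ = baseline.get(user, (set(), []))
        if resource not in resources:
            alerts.add((user, f"new resource: {resource}"))
    for user, total in totals.items():
        history = baseline.get(user, (set(), []))[1]
        if not history:
            continue  # no baseline yet; the new-resource rule already fired
        # Floor the spread at 1 so a perfectly flat history still has a margin.
        limit = mean(history) + k * max(pstdev(history), 1.0)
        if total > limit:
            alerts.add((user, f"volume {total} exceeds limit {limit:.0f}"))
    return sorted(alerts)

if __name__ == "__main__":
    for user, reason in detect(ACCESS_LOG, 6, build_baseline(ACCESS_LOG, 5)):
        print(user, "-", reason)
```

Alice's day-6 activity stays inside her own baseline and raises nothing, while Bob is flagged twice: once for touching a resource he has never used and once for reading far more records than his history supports.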

By proactively building and rolling out an insider threat program, businesses can play defence while being on the front foot. Being hands-on is always better than being reactive to insider threats, and mitigating malicious insider threats before they occur should be the goal. Inevitably there will be a moment when an organisation’s defence falters. It is vital that every business has a plan around what to do should a breach arise. Successful organisations have different plans for crisis situations, and a data breach is no less a crisis than an employee getting hurt on the job or an executive embezzling money. Building and rehearsing a plan that all employees can consistently execute will be invaluable if a breach happens.

Don’t Lose Focus

While many organisations are shifting their focus on threat detection to prevention and insider threat analysis, organisations still lack the essentials needed to battle cyber threats. Training, expertise, technology, collaboration and budget are all significant when it comes to insider threat management. Organisations must have one eye looking for the next big external threat that could cripple the organisation while also keeping a watchful eye on employees and individuals who have access to sensitive information. If organisations want to ensure their networks are as secure as possible, knowledge and planning are paramount to a strong defence.
