How to Protect Against Insider Attacks
You can protect your organization’s digital assets from an internal threat. Here are some important guidelines to consider in your plan:
Protect Critical Assets
Identify your organization’s critical logical and physical assets. These include networks, systems, confidential data (including customer information, employee details, schematics and detailed strategic plans), facilities and people. Understand each critical asset, rank the assets in order of priority and determine the current state of each asset’s protection. Naturally, the highest-priority assets should be given the highest level of protection from insider threats.
Create a Baseline of Normal User and Device Behavior
There are many different software systems that can track insider threats. These systems work by first centralizing user activity information by drawing from access, authentication, account change, endpoint and virtual private network (VPN) logs. Use this data to model and assign risk scores to user behavior tied to specific events such as downloading sensitive data to removable media or a user logging in from an unusual location. Create a baseline of normal behavior for each individual user and device as well as for job function and job title. With this baseline, deviations can be flagged and investigated.
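A minimal sketch of the baseline-and-deviation approach described above, as an added example that is not from the original article or any vendor's product. It builds a per-user baseline from constructed log events and scores new events for the deviations the text names (removable-media copies, unusual login locations); the event names, weights and threshold are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev
# Constructed sample events, not real logs: (user, event, detail, megabytes)
HISTORY = [
    ("alice", "vpn_login", "Berlin", 0), ("alice", "file_download", "fileserver", 40),
    ("alice", "vpn_login", "Berlin", 0), ("alice", "file_download", "fileserver", 55),
    ("alice", "file_download", "fileserver", 45),
    ("bob", "vpn_login", "Austin", 0), ("bob", "usb_copy", "removable", 5),
    ("bob", "file_download", "fileserver", 300), ("bob", "file_download", "fileserver", 280),
]
NEW_EVENTS = [
    ("alice", "vpn_login", "Berlin", 0), ("alice", "vpn_login", "Lagos", 0),
    ("alice", "usb_copy", "removable", 900), ("bob", "usb_copy", "removable", 6),
]
# Assumed weights; a real deployment would tune these and the threshold.
WEIGHTS = {"new_location": 40, "first_time_event": 30, "volume_spike": 30}

def build_baseline(events):
    """Per-user baseline: login locations, event types and transfer sizes seen."""
    base = defaultdict(lambda: {"locations": set(), "events": set(), "sizes": []})
    for user, event, detail, mb in events:
        b = base[user]
        b["events"].add(event)
        if event == "vpn_login":
            b["locations"].add(detail)
        elif mb:
            b["sizes"].append(mb)  # simplification: all transfer types pooled
    return base

def score(event, baseline):
    """Return (risk score, reasons) for one event against that user's baseline."""
    user, kind, detail, mb = event
    b = baseline.get(user)
    if b is None:
        return 100, ["no_baseline"]  # unknown account: always investigate
    reasons = []
    if kind == "vpn_login" and detail not in b["locations"]:
        reasons.append("new_location")
    if kind not in b["events"]:
        reasons.append("first_time_event")
    if mb and b["sizes"]:
        mu, sigma = mean(b["sizes"]), pstdev(b["sizes"])
        if mb > mu + 3 * max(sigma, 1.0):  # floor sigma so tiny histories still work
            reasons.append("volume_spike")
    return sum(WEIGHTS[r] for r in reasons), reasons

def flag(events, baseline, threshold=40):
    scored = [(e, *score(e, baseline)) for e in events]
    return [s for s in scored if s[1] >= threshold]
```

Note that the same `usb_copy` event scores 0 for bob, whose history includes removable-media use, and 60 for alice, for whom it is both new and far above her usual transfer volume.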
A lack of visibility into insider misuse is a challenge. Therefore, it’s important to deploy tools that continuously monitor user activity as well as aggregate and correlate activity information from multiple sources. You could, for instance, use cyber deception solutions that establish traps to draw in malicious insiders, track their actions and understand their intentions. This information would then be fed into other enterprise security solutions to identify or prevent current or future attacks.
Define, document and disseminate the organization’s security policies. This prevents ambiguity and establishes the right foundation for enforcement. No employee, contractor, vendor or partner should have any doubts about what acceptable behavior is as it relates to their organization’s security stance. They should recognize their responsibility to not divulge privileged information to unauthorized parties.
Promote Culture Changes
While detecting insider threats is important, it is more prudent and less expensive to dissuade users from wayward behavior. Promoting a security-aware culture change and digital transformation is key in this regard. Instilling the right beliefs and attitudes can help combat negligence and address the roots of malicious behavior. Employees and other stakeholders should regularly participate in security training and awareness programs that educate them on security matters. This should be accompanied by the continuous measurement and improvement of employee satisfaction to pick up early warning signs of discontent.