The Risk of Insider Threats
Prevent Insider Threats
An insider threat refers to a cyber security risk that originates from within an organization. It typically occurs when a current or former employee, contractor, vendor or partner with legitimate user credentials misuses their access to the detriment of the organization’s networks, systems and data. An insider threat may be executed intentionally or unintentionally. No matter the intent, the end result is compromised confidentiality, availability, and/or integrity of enterprise systems and data.
Understanding the Risk
An insider threat may be executed intentionally or unintentionally but are the cause of most data breaches.
companies experience more than 20 incidents per year
Is the amount of days to contain this
is the average annual cost to contain such incidents
Traditional cybersecurity strategies, policies, procedures and systems often focus on external threats, leaving the organization vulnerable to attacks from within. Because the insider already has valid authorization to data and systems, it’s difficult for security professionals and applications to distinguish between normal and harmful activity.
Malicious insiders have a distinct advantage over other categories of malicious attackers because of their familiarity with enterprise systems, processes, procedures, policies and users. They are keenly aware of system versions and the vulnerabilities therein. Organizations must therefore tackle insider threats with at least as much rigor as they do external threats.
While insider threats may not trigger traditional rule-based alerts it doesn’t mean they can’t be detected. The best way to catch insider threats is through behavioral. Behavioral indicators are triggered when a user, server, printer, or other entity does something abnormal. It is normal for someone from accounting to access a financial folder, but when the intern in marketing opens the folder, it is abnormal and could be an indicator of compromise. Likewise, a user who has never used a USB drive at work suddenly plugs one in and copies 100gb could throw red flags.
Protecting against insider threats isn’t possible with a single product, policy, or practice. Rather a combination of tactics should be leveraged to reduce risk. Some of these include:
- Identifying and Locking Down Critical Assets
- Increase Visibility through Behavioral Analytics
- Enforce Policies
- Promote Culture Changes
When layered together as part of an insider threat program, these tactics enable defenders to stop would be data thieves from walking off with precious information.