Three Practices for Defending Against the Threat from Inside

Cybersecurity Insiders and Crowd Research Partners recently released their “Insider Threat 2018 Report.” The report surveyed 472 cybersecurity professionals about their view and position on the threat posed by “insiders” – the employees and partners that have access to an organization’s business operating systems and data.

The report reminds us that protecting against the insider threat is not just about protecting the business from malicious actions by insiders. In fact, 51 percent of respondents were most concerned about guarding against accidental or unintended breaches due to carelessness, negligence or compromised credentials.

Securing the business from those who are seen as “legitimate” users, such as employees and partners, is critical. Not only do those insiders have legitimate access to the company’s most sensitive information – which in itself demands security – many regulations and standards, such as PCI DSS, HIPAA, Sarbanes-Oxley and FFIEC, require that insider threat security protocols are in place to demonstrate compliance.

Businesses understand the need to defend against insiders. According to the survey, 73 percent of respondents feel they have the appropriate controls in place to detect and prevent an insider attack. Still, 90 percent of the respondents feel vulnerable to insider threats with 43 percent saying extremely vulnerable; 13 percent very vulnerable; six percent moderately vulnerable and 23 percent slightly vulnerable.

As a business, protecting against the insider threat is a must-do. Here are three simple practices that you can adopt to help protect against insider breaches – whether malicious and planned or accidental and unintended.

Educate Employees – Your security is only as strong as your most careless employee. If one single employee falls for a phishing attempt, all corporate data could be at risk. Once malware is in a system, bad actors use it to gain access and elevate privileges within an organization.

Respondents to the survey cited phishing as the biggest enabler of accidental breach (67 percent). Weak or reused passwords were another path with 56 percent of respondents citing that source. Unlocked devices (44 percent), poor password sharing practices (44 percent) and unsecured WiFi (32 percent) were also viewed as enablers and sources of accidental breach.

Use Two-Factor / Multi-Factor Authentication – Two-factor or multi-factor authentication requires an additional element (or elements) beyond a password in order to grant access to a system or information. A commonly used second factor is a one-time password sent via text message to a user’s mobile device. Requiring additional factors for authentication will help defend against breaches when the insider’s credentials, such as a password, are compromised. It can also help protect against accidental or unintended breaches because it’s one extra step that might give the employee that extra second to realize the mistake.

Fine-tune Intrusion Detection and Monitoring – Intrusion detection tools monitor networks and systems, and can help identify potentially malicious activity or policy violations.

Respondents to the survey indicated that most insider exploits are detected through intrusion detection and prevention (IDS/IPS) (63 percent), log management (62 percent) and security information and event management (SIEM) (51 percent) tools.

When it comes to monitoring access to sensitive data, only 47 percent continuously monitor data access and movement and proactively identify threats. Forty-six percent of respondents monitor, but with a “yes, but” response: 24 percent monitor access logging only; 14 percent monitor only under specific circumstances; and eight percent monitor only after an incident.

Employees and partners are your trusted insiders, but anyone can make a mistake or do something unintended that results in a security breach. Protecting against insider threats should be high on the security to-do list because some regulations demand it and not every security breach is the result of an external attack.