A few years ago, in a discussion with a technology company’s CEO about insider threat detection, he declared, “We should exclude company executives, because we can trust them implicitly.”
It’s a common sentiment, shared by leaders across industries. Unfortunately, it neglects one of the biggest problems facing businesses today – insider threat.
Insider threats manifest in three fundamental ways, and only one of them has anything to do with trusting a specific person.
Here’s the unpleasant truth: between 2020 and 2022, insider-spawned cybersecurity incidents increased 44%.
It’s not just something that happens to “the other guy” any more.
What is an Insider Threat?
Insiders can be anyone or anything with access to your organization’s systems and networks.
Usually, it’s the people working with your company on a day-to-day basis: executives, employees, contractors, vendors, and customers.
You authorize them to access your data, your networks, and your systems because you need them to perform legitimate roles.
Though people are the first to come to mind, they’re not the only threats you face.
Hardware devices and software applications also fit this definition with the access granted when installing and integrating them into your environment.
From here, you can easily extend insider threat issues to:
- IT hardware: Laptops, servers, routers, gateways, etc.
- Internet-of-Things (IoT): WiFi-enabled TVs, Ethernet security cameras, medical devices, etc.
- Operational Technology: 5G-connected assembly-line equipment, network-attached pumps, etc.
- Applications and Software: OneDrive, Dropbox, Microsoft Office, Antivirus, etc.
As you can see, it’s not just people that present insider threats.
Types of Insider Threats
The three broad categories of insider threat include malicious insiders, credential theft, and careless insiders.
Malicious insiders actively attempt to damage an organization. These attacks make up 26% of insider incidents, costing an average of $648,000 per event.
Credential theft occurs when an external party obtains the credentials of an insider (employee, contractor, etc.) through data leaks, phishing, or other means. Attacks involving credential theft make up 18% of insider incidents, costing organizations a whopping $805,000 per event.
However, the vast majority of insider threat events take place unintentionally, with 56% of incidents attributed to carelessness or negligence. On average, they cost organizations $485,000 per event.
This is the point my CEO friend missed: credential theft or negligence hands control of an insider's systems to a third party, regardless of how trustworthy that insider is.
Your trusted executive may truly be trustworthy, but if their credentials are stolen or their computer compromised, does it matter how criminals got control?
Mitigating Insider Threat
Malicious insiders’ attacks can be very difficult to mitigate. After all, employees need access to all sorts of systems to legitimately perform their duties.
Some recent examples include:
- A software developer stole data repositories in preparation for a job change.
- A fired IT admin wiped data and changed passwords at their old workplace.
- A fired credit union employee deleted 21GB of data as revenge, which cost $10k to restore.
However, if you apply some simple techniques, you can reduce both opportunity and destructive capabilities.
Keys to limiting such damage include limiting access, data loss prevention (DLP) solutions, security monitoring, and maintaining solid backups.
The concept of least-privilege, or limited access, sits at the center of fundamental security principles. Yet, many organizations still default to full access.
Instead, choose “denied access” as your default, organize your data by job roles, and then provide appropriate full or read-only access to specific applications and data through Active Directory profiles or similar measures.
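The default-deny, role-based model described above, as an added example that is not code from the original post; the role, resource and user names are constructed for illustration:

```python
# Added example: default-deny access check organized by job role.
# Roles, resources and users below are constructed, not from any real directory.
from enum import IntEnum

class Level(IntEnum):
    NONE = 0   # the default for anything not explicitly granted
    READ = 1   # read-only access
    FULL = 2   # read and write

# Permissions are granted per job role; a resource missing from a role is denied.
ROLE_ACCESS = {
    "accounting":  {"finance-share": Level.FULL, "hr-share": Level.READ},
    "engineering": {"source-repo": Level.FULL},
    "executive":   {"finance-share": Level.READ, "board-docs": Level.FULL},
}

# Users map to roles, never directly to resources.
USER_ROLES = {
    "alice": ["accounting"],
    "bob":   ["engineering"],
    "carol": ["executive"],
}

def effective_level(user, resource):
    """Highest level any of the user's roles grants on the resource; NONE by default."""
    level = Level.NONE
    for role in USER_ROLES.get(user, []):
        level = max(level, ROLE_ACCESS.get(role, {}).get(resource, Level.NONE))
    return level

def is_allowed(user, resource, action):
    """action is 'read' or 'write'; unknown users, roles, resources and actions are denied."""
    needed = {"read": Level.READ, "write": Level.FULL}.get(action)
    if needed is None:
        return False
    return effective_level(user, resource) >= needed

def holders_of(resource, level=Level.FULL):
    """Users holding at least `level` on a resource: the list to review periodically."""
    return sorted(u for u in USER_ROLES if effective_level(u, resource) >= level)
```

Running the access review (`holders_of`) against each sensitive resource is how the default-deny posture is kept honest as roles change.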
DLP solutions monitor for the movement and changes of critical data. From there, either IT teams are alerted, or the movement of data is automatically blocked.
Security monitoring is often sold as protection from hackers, but malicious insider activity can generate similar alerts for IT security teams.
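The kind of data-movement alerting the two paragraphs above describe, as an added example rather than code from the original post. The log format, thresholds, user names and repository names are constructed assumptions; the rules flag one user pulling more repositories or more data than a baseline allows within a window, and any copy of data off the host:

```python
# Added example: DLP-style detection over constructed audit-log lines.
# Format, thresholds and names are assumptions made for this illustration.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, user, action, repository, megabytes
SAMPLE_LOG = """\
2024-03-04T09:12:00 bob clone payments-service 40
2024-03-04T09:15:00 bob clone billing-core 55
2024-03-04T09:21:00 bob clone customer-api 30
2024-03-04T09:30:00 bob copy_removable customer-api 30
2024-03-04T10:02:00 alice clone billing-core 55
2024-03-04T21:45:00 bob clone auth-gateway 25
"""

# Actions that move data off the managed host.
EGRESS_ACTIONS = {"copy_removable", "upload_external"}

def parse_log(text):
    events = []
    for line in text.splitlines():
        ts, user, action, repo, mb = line.split()
        events.append((datetime.fromisoformat(ts), user, action, repo, int(mb)))
    return events

def detect_bulk_access(events, window=timedelta(hours=1), max_repos=2, max_mb=100):
    """Return {(user, rule): first trigger time}. 'bulk_access' fires when a user
    touches more distinct repositories, or more data, than the baseline within the
    sliding window; 'egress' fires on any off-host copy. One alert per user per rule."""
    alerts = {}
    by_user = defaultdict(list)
    for ev in sorted(events):
        by_user[ev[1]].append(ev)
    for user, evs in by_user.items():
        for i, (ts, _, action, repo, mb) in enumerate(evs):
            if action in EGRESS_ACTIONS:
                alerts.setdefault((user, "egress"), ts)
            recent = [e for e in evs[: i + 1] if ts - e[0] <= window]
            repos = {e[3] for e in recent}
            total_mb = sum(e[4] for e in recent)
            if len(repos) > max_repos or total_mb > max_mb:
                alerts.setdefault((user, "bulk_access"), ts)
    return alerts

def run_sample():
    return detect_bulk_access(parse_log(SAMPLE_LOG))
```

The 21:45 clone falls outside the window and does not re-trigger, while the morning spree produces exactly one bulk-access alert and one egress alert for the same user.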
Good backups limit how much a malicious insider can damage your organization by limiting the costs and delays of data restoration.
When combined with security monitoring alerts, your organization can react quickly and effectively to be back up and running.
Further Steps You Can Take
All these steps protect against credential theft and negligent insiders, but additional steps further reduce exposure.
For example, multi-factor authentication (MFA) can dramatically reduce the risk of stolen credentials. MFA alerts can also provide early warnings to your IT security that an account may be compromised.
Negligence can be trickier to counter because of the wide variety of sources.
Employees might leave a network password clearly visible through an office window, misconfigure a firewall, pick up a malware-loaded USB drive in the parking lot, or provide SYSTEM privileges to a plug-and-play device.
Fortunately, many of these issues can be picked up in a comprehensive penetration test. Past mistakes are quickly exposed and provide an opportunity for your IT team to fix them.
Insider security threats are one of the biggest challenges facing businesses today.
With so many employees having access to more data than ever before, you can feel like you’re at the mercy of a single, angry employee.
Even worse, it doesn’t take an act of malice to turn control of your data over to a criminal. A simple error or forgetful team member can cause just as much damage – whether intentional or not.
Fortunately, by taking a few simple steps, you can minimize the risks to your business.
Limit data access to those who truly need it, maintain quality backup systems, and use multi-factor authentication whenever possible.
Through careful monitoring of your systems, you can prevent minor complications from becoming major problems.
If you’re looking for help managing your systems, contact Ideal Integrations at 412-349-6680 or fill out the form below.
Our security experts are happy to offer a variety of custom solutions based on your specific needs.
Our no-obligation consultation can identify short-term and long-term solutions to fit a variety of budgets to protect organizations just like yours from threats – both inside and out!