As external and technical cyber defences improve, the role of an insider in any cyber-attack is becoming more important. A number of recently released surveys show that more than half of all people seeking to defraud a company are already on the inside.
Insider threats come in two forms: The first is a malicious threat where an employee, former employee, contractor or associate deliberately brings harm to an organisation. Insiders have special privileges that external attackers do not as they already have access to the networks and can compromise sensitive data all too easily. This risk can also increase where organisations have replaced dedicated resources with contractors, third-party support personnel or cloud-based IT services as those who administer services will be beyond both the control and visibility of the organisation.
Accidents do happen
The other form of the insider threat is accidental; an employee may inadvertently open a malicious email that then spreads malware throughout the organisation’s computer systems.
People remain the weakest and easiest links to break in any organisations infrastructure. The social media information outburst, the blurred lines between corporate and home devices and the lack of clarity around actions employees are allowed to take, all combine to create the opportunity for attackers.
How to Defend Against the Threat
The IT and Security infrastructure of many organisations is based on a design that is 5 or 10 years old, meaning that it was created long before the introduction of Cloud and mobile IT within the workplace. The introduction of mobile technology means that the number of access points into a business’s network is now significantly higher than it was previously, giving an insider more opportunities to cause mischief.
Implementing Privileged Access Management (PAM) or Identity and Access Management (IAM) systems can also reduce the risks as by implementing effective system monitoring you will be able to detect when an employee tries to access areas in a system that they shouldn’t.
Ensure that your organisation has a solid foundation of fundamentals in place. How can you check for insider threats if you don’t have security measures already in place?
These fundamentals will allow the detection of any unusual behaviour and protect against hostile actors from accessing sensitive data. If an employee is signing into the system from random/strange locations they can be detected and then assessed to see if they have been compromised.
Aside from keeping your staff happy by treating them and paying them well, a business also needs to keep a watchful eye on changes in their employees’ personal situations. By regularly communicating with employees a business’s leadership can assess whether an employee could pose a risk. In short, getting the organisations culture and basics right is key to reducing the threat.
By training staff and raising awareness of the basics, such as how to create strong passwords, implementing effective security measures and putting in place an effective risk management scheme you can greatly reduce the insider threat.