As external and technical cyber defences improve, the role of an insider in any cyber-attack is becoming more important. A number of recently released surveys show that more than half of all people seeking to defraud a company are already on the inside.
Insider threats come in two forms: The first is a malicious threat where an employee, former employee, contractor or associate deliberately brings harm to an organisation. Insiders have special privileges that external attackers do not as they already have access to the networks and can compromise sensitive data all too easily. This risk can also increase where organisations have replaced dedicated resources with contractors, third-party support personnel or cloud-based IT services as those who administer services will be beyond both the control and visibility of the organisation.
Accidents do happen
The other form of the insider threat is accidental; an employee may inadvertently open a malicious email that then spreads malware throughout the organisation’s computer systems.
People remain the weakest and easiest links to break in any organisations infrastructure. The social media information outburst, the blurred lines between corporate and home devices and the lack of clarity around actions employees are allowed to take, all combine to create the opportunity for attackers.
How to Defend Against the Threat
The IT and Security infrastructure of many organisations is based on a design that is 5 or 10 years old, meaning that it was created long before the introduction of Cloud and mobile IT within the workplace. The introduction of mobile technology means that the number of access points into a business’s network is now significantly higher than it was previously, giving an insider more opportunities to cause mischief.
Implementing Privileged Access Management (PAM) or Identity and Access Management (IAM) systems can also reduce the risks as by implementing effective system monitoring you will be able to detect when an employee tries to access areas in a system that they shouldn’t.
Ensure that your organisation has a solid foundation of fundamentals in place. How can you check for insider threats if you don’t have security measures already in place?
These fundamentals will allow the detection of any unusual behaviour and protect against hostile actors from accessing sensitive data. If an employee is signing into the system from random/strange locations they can be detected and then assessed to see if they have been compromised.
Aside from keeping your staff happy by treating them and paying them well, a business also needs to keep a watchful eye on changes in their employees’ personal situations. By regularly communicating with employees a business’s leadership can assess whether an employee could pose a risk. In short, getting the organisations culture and basics right is key to reducing the threat.
By training staff and raising awareness of the basics, such as how to create strong passwords, implementing effective security measures and putting in place an effective risk management scheme you can greatly reduce the insider threat.
Your free global geopolitical
PGI’s Risk Portal tool provides daily intelligence feeds, country threat assessments and analytical insights, enabling clients to track, understand and navigate geopolitical threats.
The Risk Portal gives users up-to-date information and analysis on global affairs.
The Risk Portal allows users to visualise information in a unique and instantly understandable way. Mapping filters enable the visualisation of incidents by threat category, time period, perpetrator and target type.
Risk Portal users can upgrade their accounts to include the Report Builder and Country Profile Generator features. The Report Builder allows users to select information, data and images from the Risk Portal and create bespoke reports and emails.
Subscribers to PGI’s Bespoke services receive tailored analysis on specific sectors and geographies of interest, delivered at a frequency they determine.
Subscribe to our Cyber Bytes Newsletter
Keep yourself in the loop with PGI by signing up to our Monthly Cyber Bytes email. You will receive updates, tips and narrative around what has been happening in the world of information security.