The Insider Threat
A SANS survey, run between June and August 2017, found that ransomware, insider threats and Denial of Service attacks are considered the top three cyber security threats faced by organisations, and the insider threat can be considered the main security threat in 2017.
Well-trained employees should be the first line of defence; however, staff also represent a potential threat. An insider threat can be classified as intentional or inadvertent. In either case, the result could be financial cost, data loss and reputational damage for your company.
A disgruntled employee who believes they have been badly treated can take advantage of their access to the network and data to compromise the business. They may share sensitive information, or delete or alter important files.
The inadvertent threat is caused by poor training, carelessness or human error and can take many forms: for example, leaving the business open to malware infection, losing sensitive credentials to phishing, or emailing files to the wrong recipient.
Insider threats can be difficult to detect and remediate. Firstly, it can be difficult to identify malicious actions: a tech-savvy employee will probably know how to cover their tracks and, even if caught, can simply claim to have made an honest mistake. Secondly, it can be difficult to identify the genuine inadvertent mistake that compromises data or allows ransomware into the network. In both cases, remediation can be a costly exercise.
When considering the insider threat, there are three main groups that need attention.
- Privileged users – usually the most trusted users in the business but they have the most opportunity to cause harm intentionally or inadvertently.
- Disgruntled and terminated employees – don’t make the mistake of thinking that staff have to be employed to pose a risk. Too often, recently departed employees still have access to networks and data, either via malware or because poor termination procedures failed to disable it.
- Third parties – partners, subcontractors or vendors may also have access to your systems for valid reasons, but how much do you know about their security practices and staff training?
How to combat the insider threat?
Sadly, in the world of cyber security, no single solution provides a 100% foolproof answer, but there are actions you should take that form an essential part of the multi-layered defence that should be in place.
- Train your staff – employees can and should be a first line of defence against social engineering techniques such as phishing and CEO fraud. Helping your teams to recognise the threats will prove to be a very cost-effective way of reducing your organisation’s exposure to cyber-attack.
- Educate your staff – make sure your staff understand the value to the business of the data they use at work every day and how important it is to follow procedures and best practice.
- Privileged access – users should only have access to data that is required for their role; access rights can be escalated if necessary and if agreed. Limiting privileged access not only reduces the risks to data from malicious action but also limits the potential spread of malware through the network.
- User access – ensure that access to networks and applications is protected using strong passwords and do not allow the sharing of credentials between staff.
- Identify the disgruntled employee – this can be easier said than done, especially in large teams. However, encourage supervisors and managers to be aware of the risks that unhappy employees can pose and to keep an eye on those who seem out of step with their colleagues. User monitoring software might be worth considering. Such solutions monitor user and data interaction, allowing you to understand if an incident was malicious or simply a mistake.
At CF Systems we provide a range of services that help clients devise effective policies that make their internal practices and data more secure from the threat from within. We also deliver the infrastructure and training that enable companies to have tailored security solutions, designed specifically for their business needs.
To find out more, please contact us on 01209 340030 or email us at firstname.lastname@example.org