None of us like to think that an employee or colleague is out to do our business harm. But, this is happening and on a scale that is disturbing. A recent report commissioned by CA Technologies highlights the depth of the problem that insider threats pose to an organisation.
The study identified some key findings:
- Ninety percent of organisations feel that insiders pose a serious threat
- Over half said they had experienced an insider threat in the previous 12 months
- Of those threats, fifty one percent were accidental or unintended
- The average cost of an insider threat was up to $500,000 (approx. £382,000)
An insider threat is one of the most difficult cybersecurity issues to detect and therefore manage. In this article, we will look at some of those complications and give some tips on how to prevent your organisation being hit by an inside-attack.
Outside Threats vs. Inside Threats
Data breaches cost a business right across the board. They cost money to rectify, organisations lose face with customers, and if your company is found to be not in compliance with the likes of GDPR, then a large fine is also on the cards. When you hear that up to seventy five percent of data breaches are caused by insiders, this should bring the issue to the forefront of your cybersecurity strategy.
But who is behind this? What type of person would put their job and their colleagues’ jobs, at risk?
Profiling the Insider: The “Usual Suspects”
The types of people who typically act as an insider threat have been profiled by a number of industry analysts. The usual suspects are:
The accidental insider:
Accidents happen, a typical example is an employee who leaves their laptop on the train. In a recent freedom of information check, it was found that UK government employees had lost over 600 devices in the past 4 years.
Accidental insiders also include staff who have had their credentials stolen. In a Verizon report, they found that eighty one percent of hacks begin with stolen, default, or weak passwords. Phishing and spear phishing are the most likely way that passwords are stolen – the CA report finding that sixty seven percent of companies put phishing as the number one way that accidental threats are enabled. In other words, we may be inadvertently turning our staff into insiders by not training them to spot phishing attempts.
There is always some member of staff unhappy about some aspect of the company and/or their job. Most just get on with their work. However, a small number may well become a malicious insider threat, and when they do, the damage is on a scale that defines malicious.
Loss of intellectual property and proprietary information has always been an issue in the business world. Competitors and now state actors are hacking into systems to cause havoc as well as leak your sensitive information. Often, they will use an insider to open the door – and keep it open. Verizon found that in 2017, 30 percent of stolen data within the manufacturing sector was intellectual property.
On the way out:
Employees who leave companies are in a good position to take data with them; we often think of the sales rep who takes your customer list when they leave to use in their next job. Employees who leave your organisation may no longer have the same loyalty and might even think it’s OK to take your data records.
Having access to personal data can be a temptation too far for some insider threats. A recent example was a healthcare employee who stole patient data and used it to obtain credit cards.
Tips to Detect or Prevent Insider Threats
The best way to prevent the security threats posed by staff members is to be aware and be prepared. Here are some tips for preventing a security issue caused by an insider:
# Tip 1: Create a culture of security
As we’ve shown, over half of the security threats your company is challenged by are accidental. You can potentially cut your risk in half by ensuring that everyone in the company is fully aware of where security risks lie and how to prevent them happening. A company-wide program of cybersecurity awareness training is a great way to build a culture of security in your organisation. A security-aware organisation involves everyone, from the board down. It gives all employees the knowledge needed to ensure they work safely.
# Tip 2: Know your data and who accesses it
To ensure you have the right protection in place you need to know what you are protecting. Create a map of your data and its lifecycle. This will identify weak spots and vulnerable areas. At the same time, look at your privileged access rights – make sure only those who MUST have access are allowed privileged rights to those areas.
# Tip 3: Put in down on paper
Make sure that your security policy includes insider threats. A threat management program should always include insider threats, as research has shown that your organisation is just as much at-risk from insiders as external threats. A useful guide on where to start with this exercise is given by CERT’s “Common Sense Guide to Mitigating Insider Threats” It includes common issues such as managing the threat when firing staff.
# Tip 4: Monitor and protect
Insider threats, especially those from malicious actors, can be very hard to spot. They may have legitimate, privileged access to the very resources they are stealing. New techniques to detection of unusual behaviour and patterns of behaviour can be applied to solve this. They use machine learning (a subset of artificial intelligence) to spot unusual occurrences and create alerts to allow you to manage the risk.
# Tip 5: Combating the whys
Many of the threats posed by insiders come from unhappy employees. This may seem like an obvious statement, but an unhappy worker can feel a grudge that turns into a bad action. Try to cultivate a company culture where people feel happier in their work and valued – this will create loyalty and employees who are less likely to take out their grievances on your data.
Good employees are hard to come by. But they are the lifeblood of our organisation. We need to ensure that they don’t suck the life out of the company by making sure they are security aware and content. With diligence and care and the application of knowledge and security awareness training, we can reduce the risks of insider threats and, in turn, reduce our overall cybersecurity risk.