The more our external and technical cyber defences improve, the more important the role of an insider becomes in any cyber-attack. According to PWC's Global Crime Survey 2016, more than half of people seeking to defraud companies are already on the inside of their security systems. In this blog, we take a look at some of the insider threats facing organisations and three steps they can take to reduce these risks.
Insider threats come in two forms. The first is a malicious threat where an employee, former employee, contractor or associate deliberately brings harm to an organisation. Unlike external attackers, these insiders have special privileges that give them access to sensitive data, which the company believes is secure. The risk of this type of deliberate inside attack increases significantly when organisations replace dedicated resources with personnel beyond their control and visibility, like contractors, third-party support or cloud-based IT services.
The second type of inside threat is accidental. An employee might inadvertently open a malicious email, for example, which then spreads malware throughout the organisation's computer systems. Despite being unintentional, these events are no less serious than deliberate attacks and often result in sensitive data being exposed and held for ransom.
In either case, when it comes to breaking into any organisation's infrastructure, people are often the weakest links in a security system. Availability of information through social media; increasingly mobile workforces; the same devices being used at home and work; lack of clarity around which actions employees are allowed to take – all these elements of modern business create new opportunities for attackers.
Without knowing it, many organisations are still using IT and security infrastructures that were created before the introduction of modern working practises like mobile IT and Cloud-based computing. When using a security or networking architecture that is five to ten years old, modern mobile and cloud technology introduces many new access points to a business's network, which gives attackers – both insiders and external threats – easy access to sensitive data.
Reducing this risk can be as easy as implementing a Privileged Access Management (PAM) or Identity and Access Management (IAM) system. Simply by monitoring your internal systems, you can detect when an employee, contractor or third party tries to access areas of your infrastructure that they shouldn't. In many cases, merely knowing that their access activity is being monitored and controlled is enough to deter attackers and encourage all staff to take better care.
Another area worth consideration is password management, as the use of weak and shared passwords poses a problem for many businesses during a breach. By ensuring that your organisation uses and maintains strong and unique passwords that are never shared, you can vastly improve your security and, in the case of both accidental and malicious breaches, establish who, what and where the responsibility lies.
If your organisation doesn't have proper security measures in place, you can't check or monitor for inside threats. An essential method of protecting your business against cyber-threats is, therefore, to ensure your organisation has a solid foundation of fundamental security infrastructure in place at all times.
These fundamentals will help you detect unusual behaviour and prevent hostile actors from accessing sensitive data. If an employee signs into the system from peculiar locations, for example, they can be detected and assessed to see whether they have been compromised, before being allowed to continue. Improving and maintaining your fundamental systems in this way can dramatically improve your security without inconveniencing employees or discouraging mobile working.
To improve your security even further, it is highly advisable to use a Security Incident and Event Management (SIEM) solution, which provides a feed from your internal networks and perimeter security systems. This allows you to correlate security events across multiple devices and look for anomalies and patterns that can highlight internal or external attacks, and help you identify and isolate breaches more swiftly.
Remembering that people are a weak link in your security, it is imperative that you train your employees to create strong passwords or use a password management solution, be aware of potential risks, and implement effective security measures. To truly minimise the threat from inside, you must also put in place an effective risk management scheme and monitor your staff closely.
As well as keeping your employees happy by treating them well, you should also monitor changes in their personal situations. Regular communication with your employees, contract staff and third parties can help you assess who might pose a risk, and minimise the chances of both malicious and accidental threats. This attention is equally imperative when using short term cover staff and teams for particular projects, as temporary workforces pose an equivalent threat to an organisations' security as full time staff.
To summarise, the key to reducing the threat from both internal and external cyber-attacks lies in getting your organisation's culture and basic security right, and monitoring it regularly. By combining training for employees with foundational security measures and the use of access management systems, you can easily minimise the threat of cyber-attacks and protect your business and valuable information.
To learn more about securing your business and reducing the risk posed by insider threats, contact your Softcat account manager or register for a Cyber Essentials assessment using the button below.
We would love to hear any comments you have about this article!