Insider Threats: Fighting the Enemy Within

May 6, 2016 9:27:48 AM / by Pedro Pereira


While organizations tend to view cybersecurity risks from an outside-in perspective, the reality is insider threats account for more than 50 percent of security breaches. Employee actions, whether malicious or inadvertent, pose a serious risk that companies cannot ignore.

In its 2015 “Cyber Security Intelligence Index,” IBM revealed that insiders are responsible for 55 percent of cyber attacks. It’s not always intentional, however, since 23.5 percent of incidents result from inadvertent action. That still leaves almost a third of incidents – 31.5 percent – as the result of malicious activity.

Intentional or not, the results can be equally damaging – the loss or theft of intellectual property, private customer data, and human resources records. This is the stuff that makes headlines, delivers reputational black eyes, incurs punitive regulatory fines and invites lawsuits from aggrieved parties.

Insider threats, therefore, deserve as much attention as companies typically dedicate to outside hackers. Addressing insider threats requires an understanding of user behavior, along with well-defined, enforceable policies and reliable technology.

According to the U.S. Department of Homeland Security, certain employee behaviors may indicate malicious activity – copying proprietary materials, showing interest in “matters outside of the scope of their duties,” and unexpected absences.

The department also warns about employees who work odd hours and access the network at irregular times such as vacations. But those activities are common among remote users and telecommuters, so they aren’t always reliable indicators.

Preventing Unauthorized Use

From a technology standpoint, however, there is much an organization’s cybersecurity department can do to prevent unauthorized access to company systems. Users leave a footprint wherever they go, so the question is whether you have the tools to track their movements.

Identity management is key; you should leverage an automated authentication solution to help protect IT assets. Authentication technology that tracks user activity by machine name, IP, location and directory workgroup ensures users get access only to systems for which they are authorized and helps prevent data exfiltration. If internal users are linked to evasive threats, you’ll be able to pinpoint who they are.
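The sketch below is an added example, not code from the original post or from any vendor product. It compares each new authentication event with that user's own history of machine, IP, workgroup and login hour, so a remote worker's regular night shift is not flagged the way a fixed business-hours rule would flag it. The field names, the 8-to-18 window, the one-hour slack and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict

FIELDS = ("machine", "ip", "workgroup")
BUSINESS_HOURS = range(8, 18)  # assumed fixed window used by the naive rule

def build_baseline(history):
    """Collect, per user, the machines, IPs, workgroups and hours seen before."""
    base = defaultdict(lambda: defaultdict(set))
    for e in history:
        for f in FIELDS + ("hour",):
            base[e["user"]][f].add(e[f])
    return base

def naive_off_hours(e):
    return e["hour"] not in BUSINESS_HOURS  # flags every off-hours login

def deviations(base, e, slack=1):
    """List attributes of e that differ from this user's own history.
    Hours are compared with wraparound at midnight, within `slack` hours."""
    seen = base.get(e["user"])
    if seen is None:
        return ["unknown user"]
    out = [f for f in FIELDS if e[f] not in seen[f]]
    near = any(min((e["hour"] - h) % 24, (h - e["hour"]) % 24) <= slack
               for h in seen["hour"])
    if not near:
        out.append("hour")
    return out

def ev(user, machine, ip, workgroup, hour):
    return dict(user=user, machine=machine, ip=ip, workgroup=workgroup, hour=hour)

# Constructed sample events (not real logs); users and hosts are hypothetical.
HISTORY = [
    ev("rlee", "LT-RLEE", "203.0.113.7", "Support", 22),
    ev("rlee", "LT-RLEE", "203.0.113.7", "Support", 23),
    ev("jdoe", "WS-014", "10.0.4.21", "Finance", 9),
    ev("jdoe", "WS-014", "10.0.4.21", "Finance", 14),
]
NEW = [
    ev("rlee", "LT-RLEE", "203.0.113.7", "Support", 0),   # usual night shift
    ev("jdoe", "WS-203", "10.0.9.88", "Engineering", 3),  # nothing matches history
]

def triage(history, new_events):
    """Return (user, naive flag, per-user deviations) for each new event."""
    base = build_baseline(history)
    return [(e["user"], naive_off_hours(e), deviations(base, e)) for e in new_events]
```

Calling `triage(HISTORY, NEW)` shows both events tripping the fixed-hours rule, while only the second one deviates from its user's own baseline.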

Aside from identity management, organizations should leverage encryption technology to keep data away from prying eyes by making it impossible to read without a decryption key. SSL is the standard approach to encrypting web traffic, but there have been some SSL-related problems, so you’ll want a solution that properly manages your SSL connections.

Pick technology that manages SSL traffic without adding latency, regardless of network size, and secures traffic between all users, including those who access the network from personal mobile devices.

Insider threats are the enemy within. They can be as damaging as any attack perpetrated by an outside hacker, or more so, depending on a user’s level of access. If you haven’t implemented tools and policies to address insider threats, it’s time to do so. Insider threats aren’t going away, and if anything, are likely to continue to grow.


 



Written by Pedro Pereira

Pedro Pereira is a Massachusetts-based writer who has covered the IT channel for two decades, with a recent strong focus on cybersecurity, managed services and the cloud’s evolution. He can be reached at pedrocolumn@gmail.com.