Insider threats can be malicious, but more commonly they are accidental. The weakest point in any security program is people. They can have ill intent, they can be manipulated or exploited, or they can simply make a mistake and email a spreadsheet full of client information to the wrong email address. These types of incidents are real and happen every day. They can lead to disastrous results on par with any major external cyberattack. Traditionally, these threats are overlooked by most businesses, which are more concerned with the unknown malicious actor than with the known staff member or business partner. Organizations are sometimes reluctant to take the steps necessary to mitigate these threats, and they share important data on the strength of a trusted relationship, with little else as a security control.
Let’s look at what defines an “insider.” An insider is any individual who has authorized access to corporate networks, systems or data. This may include employees, contractors, business partners, auditors or other personnel with a valid reason to access these systems. Since we are increasingly operating in a connected fashion, businesses are more susceptible to insider threats than ever before. The volume of critical data in organizations is exploding, causing more information to be available to more staff. While this can boost productivity and help to get work done, it comes with inherent risks that need to be considered and mitigated, lest that privileged access be used against the organization.
There are a number of ways that insiders can cause damage. In some cases, they are coerced by an outsider to extract data. This is common when organized crime is involved. In other cases, legitimate user access is used to extract data, but only because the user's credentials have been compromised through other means, such as a phishing attack.
The good news is that organizations can do more now than ever before. Providers are responding with solutions that monitor email traffic, web usage and network traffic, and that apply behavior-based pattern recognition, to help detect who in the organization is trustworthy and who may be a risk. While this all sounds a little Big Brother in nature, some organizations may find it an appropriate way to mitigate the risks that come from insiders. Organizations without big security budgets still have some old-school mitigations available to them, such as employee awareness programs, employee background and reference checks, and exit interviews to gather information about attitudes toward the company and insight into working conditions. All of these programs help give teams a sense of what is happening in an organization, which may prevent incidents from occurring.

---

By Philip Casesa, CISSP, CSSLP, PMP, Product Development Strategist, (ISC)²