The news headlines frequently warn businesses of the need to improve cybersecurity protections to thwart hackers, but not all threats come from outside the company. There are various types of insider threats that need to be managed and mitigated, yet these are all too often overlooked or insufficient controls are put in place to reduce the risk of a deliberate or accidental breach.
What are Insider Threats?
An insider threat is one that comes from within the company, typically an employee who accidentally or deliberately takes an action that causes harm or loss to the company.
Hackers attack companies to gain access to their networks to spy on companies, obtain secrets, steal data or sabotage systems. Breaking through perimeter defenses can be time consuming and difficult but if an insider wants to steal data or sabotage a system, it is far easier as they already have network access.
Not all insider threats involve intentional malicious actions by employees. An employee can also act in a way that negatively affects their company without intending to cause any harm.
This could be intentionally violating company policies in a non-malicious manner. An example would be the installation of software to save the employee time or to allow them to work more efficiently. Installing unauthorized software carries a risk of a malware or spyware infection. An employee could violate company policies which could lead to an accidental data breach. Then there is human error, such as sending an email containing sensitive information to the wrong person. Such actions could prove costly.
Businesses need to protect against all insider threats if they are to avoid costly data breaches. A great many data breaches result from too little focus on cybersecurity defenses to block the threat from within.
Malicious Acts by Employees
Anyone that has access to sensitive company data could potentially abuse their access rights to view or steal data. There is no particular profile of a malicious insider. Everyone could decide one day to steal information or sabotage systems, but you can protect against malicious insiders and manage the risk.
- Cover insider threats in security awareness training and encourage employees to be vigilant and report suspicious activity. Provide them with an easy way to report their concerns.
- Implement tools that monitor for anomalous behavior
- Implement controls to prevent the use of portable storage devices such as thumb drives
- Implement tools that prevent employees from downloading and running certain files types – Executable files for instance.
- Apply the rule of least privilege – Don’t let employees access data/systems that they do not need to access to complete their day to day work duties
Accidents Will Happen…
The insider threats that can be the hardest to defend against are mistakes by employees. These types of insider threats include responding to a phishing email and disclosing login credentials, sending sensitive data to the wrong email recipient, accidentally visiting malicious websites, and inadvertently downloading malware. These threats need to be managed and mitigated through policies and procedures, training, and software solutions.
…But You Can Minimize Risk!
Phishing is arguably the biggest threat. Hackers know all too well that people make mistakes and can easily be fooled. Priority number one should be blocking phishing emails and making sure they are not delivered. For that you need an advanced spam filter. The more phishing emails that are blocked, the lower the risk of a click.
Security awareness training is also essential. When a phishing email lands in an inbox, employees need to have the skills to recognize it as such. Provide training and make the training interesting to engage employees. Interactive training courses can help in that respect. Make sure you test your employees’ knowledge afterwards with phishing email simulations. They will let you know who has taken the training on board and who needs further training.
Training needs to cover all security threats, not just phishing. Teach employees security best practices, including checking badges before allowing someone into the building, password security, keeping credentials private, and safe use of WiFi.
Another important technical control to implement is a web filter. A web filter allows businesses to control what employees can do online. They block access to phishing websites, block drive-by malware downloads, and prevent employees from visiting questionable websites that carry a high risk of malware infections or malvertising redirects: Adult sites and torrents/P2P file sharing sites for instance. Some web filters will also keep employees safe and secure when working remotely.
The important thing for businesses is not to leave things to chance or to assume they are too small to worry about insider threats and data breaches. Every business is at risk, regardless of size.
For further information on software solutions that can protect against data security threats give the TitanHQ team a call.