This short blog will help shed some light on the types of insider threats to detect and mitigate, the damage they could cause, the user aspects that increase these risks, and the security protocols you should implement to prevent and reduce these future threats.
When it comes to cyberthreats, “Insider Threats” are among the most dangerous that exist. Yet, organizations of all sizes seem to be both negligent and reluctant when it comes to defending against them. Over 50% of organizations don’t have an IRRP (Insider Risk Response Plan) and 40% don’t assess how effectively their technologies mitigate these types of threats.
Even though 59% of IT security leaders expect insider risks to increase in the next two years, very little is being done to prevent them from causing serious security incidents in the future.
With the threat growing bigger by the day, disaster could really strike at any time. If you aren’t worried yet, just remember that the average time to identify and contain a data breach is now marked as 280 days. This should give you an idea of the possible damage a single data breach could cause to your business if undetected for that amount of time.
Simply put, an employee or contractor who willingly or unwillingly uses their authorized access to cause harm to your business is considered an insider threat. The Ponemon Institute’s “Global Cost of Insider Threats Report 2020” lists 3 types of insider threats:
· A careless or negligent employee or contractor who unwillingly lets a hacker access your business’ network. Over 60% of incidents in 2020 were related to negligence.
· A criminal or malicious insider who abuses his or her privileged access to your business’ network to either steal sensitive data for financial gain, or sometimes just plain old revenge. Criminal insiders were involved in 23% of breaches in 2020.
· A credential thief who poses as an employee or a contractor to gain access to sensitive data and then compromises the data for financial gain. Credential theft led to 14% of breaches in 2020.
Even a single security breach caused by an insider threat can result in some really serious damage to your business. We’ll go over the main kinds of damage in the examples below:
· Sensitive Data Theft: Valuable data such as customer information or industry trade secrets could be exposed following a data breach. This is a situation Marriott International found themselves in and survived in early 2020. Hackers abused a third-party app used by Marriott for providing guest services, and this granted the hackers access to 5.2 million records of past and present Marriott guests.
· Forced Downtime: The downtime following a breach impacts your business in more ways than one. As we mentioned earlier, it can take quite a long time for your organization to obtain the details of the breach and then control the damage. This forced downtime can drain your business resources, as it did for a company in the UK that eventually had to shut down its entire shop for good after an angry ex-employee deleted 5,000 documents from the company Dropbox account.
· Destruction of property: A malicious insider can cause damage to physical or digital equipment, systems or applications, or even information assets. A former Cisco employee gained unauthorized access to the company’s cloud environment and deleted over 450 virtual machines, jeopardizing the access of 16,000 users of Cisco WebEx. The tech major had to shell out $2.4 million to fix the damage and pay restitution to the affected users.
· Reputation Damage: This is a guaranteed consequence of suffering a security breach. Should you suffer a breach, investors, partners and clients may immediately lose confidence in your business’ ability to protect personal information, trade secrets or other sensitive data. This is not easy to come back from and requires immediate remediation of the issue to convince those affected that you can be trusted again.
The likelihood of a security breach caused by an insider could be significantly increased due to:
· Giving admin rights to excessive numbers of employees without considering need
· Allowing any and all employees to have the ability to download or delete apps and programs without permission
· Using weak or reused login credentials across multiple programs and sites
As a business, you can build a resilient defense against insider threats as part of a proactive defense strategy, rather than a reactive one. Some of the immediate actions you can take include:
· Assess and audit all systems: Direct your IT team to assess and audit every system, data point, and user in order to identify threats, and document them thoroughly for further action.
· Restricting access and permission controls: Not every employee needs to have access to every piece of your company data. You want to review and limit unnecessary user access privileges, permissions and rights immediately. If they can’t access it, they can’t steal it.
· Mandatory security awareness training for all users: This action should be non-negotiable. Every user on your network should be trained thoroughly on cyberthreats, especially insider threats, and how to spot early warning signs shown by potential insider threats such as:
o Downloading or accessing considerable amounts of data without reason
o Accessing sensitive data not associated with the employee’s job function or typical behaviors
o Raising multiple requests for access to resources not associated with the employee’s job
o Attempting to bypass set security controls and safeguards
o Repeatedly violating company policies
o Unnecessarily staying in office during off-hours
· Enforcing strict password policies and procedures: You should repeatedly encourage all employees to follow strict password guidelines.
· User Authentication: Deploy user authentication methods, such as two-factor authentication (2FA) and multi-factor authentication (MFA), to ensure that only the correct users access the proper data securely.
· Determine regular user behavior: Create and implement a policy to determine regular user behavior related to their access and activity, either based on the job function or the user themselves. Don’t be counted among the 56% of security teams that lack historical context into user behavior.
· Ongoing detection & monitoring: Put in place a strategy and procedures that will identify and detect abnormal or unacceptable behaviors.
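The last two actions, a baseline of regular behavior and ongoing detection, can be turned into concrete checks for the warning signs listed above. The following Python is an added example, not code from the original post or from Tekie Geek: it parses a constructed access log (not real data), builds a per-user baseline from each user’s median transfer size, and flags unusually large downloads, off-hours activity, and access to data outside the user’s job function. The log format, the role-to-resource policy, the 5x volume threshold and the 22:00–06:00 quiet window are all assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime
# Constructed sample log (not real data): timestamp,user,role,resource,bytes
SAMPLE_LOG = """\
2024-03-01T09:15:00,alice,finance,finance/q1-ledger.xlsx,120000
2024-03-02T10:05:00,alice,finance,finance/payroll.csv,95000
2024-03-03T11:40:00,alice,finance,finance/budget.xlsx,110000
2024-03-04T23:30:00,alice,finance,finance/customer-list.csv,8000000
2024-03-01T14:00:00,bob,engineering,repo/app.git,50000
2024-03-02T15:20:00,bob,engineering,wiki/design.md,20000
2024-03-03T16:00:00,bob,engineering,finance/payroll.csv,95000
"""

# Hypothetical policy: resource prefixes each job function normally touches
ROLE_ACCESS = {"finance": ("finance/",), "engineering": ("repo/", "wiki/")}
VOLUME_FACTOR = 5    # flag a transfer larger than 5x the user's own median
OFF_HOURS = (22, 6)  # assumed quiet window: 22:00 to 06:00

def parse_log(text):
    # Turn CSV lines into event dicts with typed fields
    events = []
    for line in text.strip().splitlines():
        ts, user, role, resource, size = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "role": role, "resource": resource, "bytes": int(size)})
    return events

def detect_anomalies(text):
    """Return one finding per event that shows at least one warning sign."""
    events = parse_log(text)
    per_user = defaultdict(list)
    for ev in events:
        per_user[ev["user"]].append(ev["bytes"])
    # Baseline: each user's median transfer size across the whole log
    baseline = {u: statistics.median(s) for u, s in per_user.items()}
    findings = []
    for ev in events:
        reasons = []
        if ev["bytes"] > VOLUME_FACTOR * baseline[ev["user"]]:
            reasons.append("high_volume")       # unusually large download
        if ev["ts"].hour >= OFF_HOURS[0] or ev["ts"].hour < OFF_HOURS[1]:
            reasons.append("off_hours")         # activity in the quiet window
        # Unknown roles have no allowed prefixes, so they are flagged too
        if not ev["resource"].startswith(ROLE_ACCESS.get(ev["role"], ())):
            reasons.append("out_of_role")       # data outside the job function
        if reasons:
            findings.append({"user": ev["user"], "ts": ev["ts"].isoformat(),
                             "resource": ev["resource"], "reasons": reasons})
    return findings
```

On the sample log this flags alice’s 8 MB late-night export and bob’s read of a finance file his role never touches; in practice the baseline would come from weeks of history rather than a handful of events.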
Detecting insider threats and building a robust defense strategy against them can be a tough task for most businesses, regardless of size. Unfortunately, the longer you wait, the greater the chance that there’s a security lapse, and that alone could cost your business its entire future.
However, you shouldn’t hesitate to ask for help. Tekie Geek can help you assess your current security posture, determine potential insider threats to your business, fortify your cybersecurity procedures and policies, and secure your most important and critical business data.
It may seem like a tedious process, but that’s why we’re here to take all the hassle away and ensure your peace of mind remains intact throughout this battle! All you have to do is shoot us an email, and we’ll take it from there.