As a business owner or IT manager, you take great pains to protect your network infrastructure and trade secrets from external threats. You make sure your servers and desktops are patched on a regular basis, and you counsel your employees on the dangers of phishing scams and targeted ransomware attacks. But are you doing everything you can to protect yourself from an insider threat?
For many business owners and IT professionals, the answer to that question is a resounding no. Even as businesses struggle to update their software and protect against the dangers of hackers, the real threat often goes unnoticed.
Insider threats and the risk of cybercrime
When it comes to protecting themselves and their businesses from the dangers posed by a hypothetical insider threat, businesses must necessarily reflect on where the real dangers are coming from. And while no one discounts the risk of hacking and ransomware attacks, an insider threat could be even more devastating.
Unlike those faraway hackers, insiders are right there. They are part of your organization, they know the structure of your information technology operations, and they understand how your files are stored and how they are backed up.
If an insider wished to pose a threat, he or she could almost certainly do it. As a matter of fact, nearly half of those who could one day pose an insider threat recognize the power they hold over the organizations that employ them.
A troubling reality
A recent report by Imperva should give information security professionals, business owners and third-party vendors plenty to think about. That survey found that nearly half of security professionals said they could implement an insider attack if they wished to, taking that insider threat from the realm of the hypothetical into the world of reality. The opinions expressed are just that – opinions – but the individuals surveyed are speaking from positions of experience. As security professionals and information technology experts, these insiders hold the keys to the kingdom, and it would only take one disgruntled IT staff member to bring the network down. More worryingly, almost half of organizations would take weeks or months to find out about these malicious insiders, or would never find out at all.
Terry Ray, CTO of Imperva, said it best: “Business’s continued reliance on data means more people within an organization have access to it. The result is a corresponding increase in data breaches by insiders either through intentional (stealing) or unintentional (negligent) behavior of employees and partners. While the most sensational headlines typically involve infiltrating an ironclad security system or an enormous and well-funded team of insurgents, the truth of how hackers are able to penetrate your system may be less obvious: it’s your employees.
“Insider threats are one of the top cybersecurity threats and a force to be reckoned with. Every company will face insider-related breaches sooner or later regardless of whether it is caused by a malicious action or an honest mistake. And it’s much better to put the necessary security measures in place now than to spend millions of dollars later. Every company can take some basic steps in their security posture to minimize insider threats, including background checks, monitoring employee behavior, using the principle of least privilege, controlling and monitoring user access, and educating employees.”
Assessing and handling the insider threat
From experts in the information technology business to the leading third-party vendors, the pros recognize the insider threat for what it is. While no one would argue that protection from hackers and other external threats is a waste of time, it is clear that businesses need to spend more of their time and resources assessing the threat coming from inside their own walls.
If you doubt the seriousness and the reality of this insider threat, just think about how much sensitive information the typical employee encounters on a typical day at the office. From Social Security numbers and medical ID numbers to credit card and bank account information, the people on your staff are privy to some of the most sensitive information imaginable.
Add to that the fact that some of the most serious data breaches have happened from the inside. From Edward Snowden and the NSA revelations to designs for self-driving cars stolen in acts of corporate espionage, these data breaches all have one thing in common – they got their start not from Chinese hackers or Russian trolls but from an insider threat.
Limited access can reduce the risk
Apart from firing all your employees and doing all the work yourself, there is no way to completely eliminate the risk of insider threats. But the good news is these threats can be minimized and mitigated, and adopting the policy of least possible access is a good place to start.
With this policy, employees are provided with access to the files they need to do their jobs – and only those files. Workers in financial services do not need access to the latest project management news, and they certainly do not need access to human resources information. Since employees can only damage the files they have access to, this simple step can greatly reduce the insider threat to your business, your network infrastructure and your intellectual property.
Know how to respond
Adopting a policy where each employee is privy to only the sensitive information they need is a good place to start, but it may not be enough to protect yourself and your organization from the risk of an insider attack. It is also important to be prepared, and to have a robust incident response program in place.
Hopefully you will never fall prey to either an insider threat or an external attack by hackers, but it is important to be prepared in case the worst happens. If you do suffer a data breach or ransomware attack, do you know what to do and how to proceed? Whether the attack was conducted for personal gain or as an act of retaliation for a termination or perceived unfair treatment, the first step is to assess the damage. Until you know what has been taken and which information has been breached, it will be impossible to react effectively.
Prevention is still the best defense
The old saying that an ounce of prevention is worth a pound of cure is certainly true in the world of information technology and insider threat assessment. Preventing an insider attack is always preferable to reacting to a data breach after the fact, and having strong defenses will make the job of those nefarious insiders or dangerous hackers that much harder.
If you want to protect your business, your IT infrastructure and your trade secrets, you need to take a proactive approach. That starts with recognizing the danger of insider threat, assessing your risks and addressing the concerns in your threat report. Recommendations and best practices from the CERT Insider Threat Center can help.