The Department of Homeland Security National Cybersecurity and Communications Integration Center (CISC) states “insider threats, to include sabotage, theft, espionage, fraud, and competitive advantage are often carried out through abusing access rights, theft of materials, and mishandling physical devices.”
The current Verizon Data Breach Investigation Report finds that outside threats leverage stolen credentials in 35% of attacks, followed closely by phishing/malware emails. The third major cause of breaches is user error. The implication of this finding is that a significant portion of security hardening efforts can be rendered ineffective by the very people who need access to an organization's data, facilities, and systems. This category is not limited to employees: anyone who has been granted access at some level can erode security. Current and former employees, vendors, contractors, and suppliers should all be considered potential insider threats.
While authorized access to company applications and data is necessary for a variety of roles, users might unknowingly and negligently expose sensitive information by:
The vast majority of breaches from insiders can be attributed to lack of knowledge, inadequate training, or even simply a sense of urgency to provide assistance when asked, leading an employee to bypass controls or access and share data through unapproved means.
To counter this type of threat, you must create a healthy culture that educates users and rewards a positive security attitude.
Cyber incidents can also arise from employee recklessness or procedural violations that provide system access to threat actors. Unfortunately for most companies, these types of end-user activities typically persist over a significant period and occur in many work environments, particularly in higher education, healthcare, financial, legal, and governmental organizations.
To counter threats stemming specifically from negligent insiders, you must create a healthy culture that educates users and rewards a positive security attitude. Some effective tactics to employ include:
Although different in motive, the malicious insider poses no less of a threat than a negligent insider. Malicious insiders seek to monetize corporate data or intellectual property. Some malicious insiders may even be working for nation states or organized crime. Identifying the activities that indicate a malicious insider threat may be difficult, but there may be non-technical red flags indicating that something is not right. The CISC has provided the following behavioral characteristics that can be used as indicators:
To counteract these threats, whether malicious or negligent, a combination of social and technical preventive and detective activities should be implemented:
Due to the cybersecurity environment we operate in today, no one can guarantee 100% success in preventing all attacks. Ultimately, a holistic approach that incorporates both protective and detective technologies, coupled with novel approaches to data security, like zero trust, can help mitigate the risks to an acceptable threshold balanced with your organization's investment of time, money, and effort.