For long, companies have been too timid to report, recognize, or act against employees who have become a threat to their organization. Often, insider threat attacks are embarrassing or considered just an issue for the Human Resource departments. The insider threat is like a black mark on the management processes and the company’s reputation.
Insiders always have advantages over external factors seeking to circumvent security as employees enjoy significantly higher levels of privileges and trust along with extensive knowledge of organizational policies, processes, and procedures. Insider threats are difficult to catch because these are people having authorized access to the network and applications. Sometimes even business partners compromise security through misuse, negligence, or malicious access to or use of an asset raising the security threat. Detecting and mitigating such a wide array of insider threats requires a specific approach compared to hunting for external threats.
15% of the data breaches and 20% of cybersecurity incidents that were investigated within the 2018 Verizon Data Breach Investigations Report (DBIR) originated from people within the organization. Significant financial gain (47.8%) and pure fun (23.4%) were the top motivators. All these attacks exploiting internal data and system access privileges are often only found years or months later, making their potential impact on a business immensely significant.
DBIR analysis has also flagged a shift in how social attacks such as financial pretexting and phishing might be misused. Attacks like these continue to infiltrate organizations via employees, are now increasingly a departmental issue. Furthermore, this year’s DBIR warns the C-level executives having access to the company’s sensitive information, are now the focus for social engineering attacks. The senior executives are 12x more likely to become the target of social incidents, and 9x more likely face social breaches than in previous years – and the financial motivation remains the key driver.
Below are some of the key countermeasures that can help reduce risks and enhance incident response efforts:
Conduct Threat Hunting Activities – Companies should make productive investments in threat intelligence, dark web monitoring, behavioral analysis and risk hunting to search, monitor, detect and investigate suspicious user and user account activities, both inside and outside the enterprise.
Perform Vulnerability Scanning with Penetration Testing – Leverage vulnerability assessments and penetration tests to identify gaps within the infrastructure and application components, including potential ways for insider threats to maneuver within the enterprise environment.
Implementing Personnel Security Measures – The implementation of Human Resource Controls – background verification checks, Security Awareness Training, and Least-Privilege Principles to mitigate the number of cybersecurity incidents associated with unauthorized access to enterprise systems is mandatory.
Employing Endpoint Security Solutions – in addition to the standard robust endpoint security controls/solutions, User Entity Behavioural Analytics (UEBA), File Integrity Monitoring (FIM) tools, and Endpoint Detection and Response (EDR) solutions can deter, monitor, track, collect and analyze user-related activity.
Establishing Incident Management Capabilities – Establishing an incident management process to include an Insider Threat Playbook with trained and capable incident handlers, makes cybersecurity response activities more efficient and effective in addressing insider threat activities.
Retain Digital Forensics Services – Have investigative response retained resources available, which can conduct a full-spectrum of detailed investigations ranging from the analysis of logs, files, memory, disk, and network forensics, in often intricate insider threat-related incidents.
By integrating all these countermeasures, with other existing strategies such as a Cyber Security Policy, Human Resources Management, Risk Management Framework, and Intellectual Property Management can strengthen efficiency, cohesion, and timeliness in addressing insider threats.
Read More: The Transformation of Federal Cybersecurity