FINCSIRT

Insider Threat

Many organizations focus on strengthening the security of their network perimeter but do not consider the threats that can arise from the inside, which perhaps pose the greatest threat to cyber security. Executives, IT administrators and partners all have access to sensitive information. Sensitive data can be maliciously or unwittingly stolen, erased or exposed by insiders for various reasons. Not all insider threats are malicious; there are three types: malicious insiders who intentionally steal information or cause damage, insiders who are unwittingly exploited by external parties, and insiders who make careless mistakes.

While companies are aware of the danger that insider threats pose, the threat is highly underestimated. The biggest security breaches around the world were caused by insider threats. Furthermore, insider threats are difficult and costly to mitigate. They can go undetected for a long time, and the longer it takes to detect a leak or a breach, the more costly it becomes to remediate. It is tough to differentiate damaging actions from regular work: when an employee is working with sensitive information, it is impossible to tell whether the employee is doing something malicious or not. Employees can cover their tracks easily; any tech-savvy employee will know how to clean up after themselves by editing or deleting logs, which makes malicious actions impossible to detect. It is also hard to prove guilt; an employee can claim to have made a mistake and get away with it even if the malicious actions were detected.

There are a variety of reasons why malicious insiders commit such crimes. One of the main reasons is that they see themselves as future competition: some employees may want to start a business of their own and decide to get a head start by using the company's data. Competitor bidding is another reason, because honest employees can be approached and offered deals that cannot be refused, or blackmailed.

Preventing insider attacks entirely can be impossible, but organizations can adopt a proactive approach to minimize the risk. Organizations can use tools to manage identities, access and data, in order to discover where sensitive data is being shared and apply the controls required to minimize the risks. By implementing least privilege access and controlling sensitive data, the risk of insider threats can be reduced. Least privilege access denies unnecessary actions and limits the damage an insider attack can do. By controlling sensitive data, organizations can prevent data from leaking out of their network through USB drives and email.

It is important to keep an eye on employee behavior because it is one of the ways to discover malicious employees. If major changes in behavior are observed without any good reason, it is a good time to investigate for potential data breaches. Making employees aware of insider threats is also important, because a user can send sensitive information by email to the wrong address, give credentials to phishing callers, and so on. Awareness training educates employees about these threats.
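The behavior monitoring described above, and the log tampering mentioned earlier as a way insiders cover their tracks, can both be turned into concrete detection checks over access audit logs. The script below is an added example and is not FINCSIRT's code; the log format, the sensitive-path prefixes, the working hours and the sample log lines are all constructed for illustration. It builds a per-user baseline of daily reads of sensitive files, flags a day whose volume spikes well above that baseline, flags sensitive reads outside working hours, and flags any event that clears an audit log.

```python
"""
Flag anomalous access to sensitive data in (constructed) audit-log lines.

Two defensive checks:
  1. Behavioural deviation: a user reading far more sensitive files than
     their own historical baseline, or reading them outside working hours.
  2. Tamper attempts: events that clear or delete audit logs, which an
     insider would use to cover their tracks.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample log lines (not from any real system). Assumed format:
# "<ISO timestamp> user=<name> action=<verb> object=<path>"
SAMPLE_LOG = """\
2024-03-04T09:12:01 user=alice action=read object=/finance/q1_forecast.xlsx
2024-03-04T10:03:44 user=alice action=read object=/finance/budget.xlsx
2024-03-04T14:20:09 user=bob action=read object=/hr/payroll.csv
2024-03-05T09:30:12 user=alice action=read object=/finance/q1_forecast.xlsx
2024-03-05T11:45:00 user=bob action=read object=/hr/payroll.csv
2024-03-06T23:10:05 user=bob action=read object=/hr/payroll.csv
2024-03-06T23:11:40 user=bob action=read object=/hr/salaries.xlsx
2024-03-06T23:12:02 user=bob action=read object=/hr/employee_ssn.csv
2024-03-06T23:12:30 user=bob action=read object=/finance/budget.xlsx
2024-03-06T23:13:15 user=bob action=read object=/legal/contracts.zip
2024-03-06T23:14:00 user=bob action=read object=/legal/merger_memo.docx
2024-03-06T23:20:00 user=bob action=clear_log object=/var/log/audit/audit.log
"""

SENSITIVE_PREFIXES = ("/finance/", "/hr/", "/legal/")  # assumed data classification
WORK_HOURS = range(8, 19)                               # 08:00-18:59, assumed
LOG_TAMPER_ACTIONS = {"clear_log", "delete_log"}       # assumed action names
SPIKE_FACTOR = 3   # flag a day with more than 3x the user's baseline daily reads
MIN_SPIKE = 3      # ...and at least this many reads, so tiny baselines don't cause noise


def parse_line(line):
    """Parse one audit line into a dict; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        fields = dict(p.split("=", 1) for p in parts[1:])
    except ValueError:
        return None
    if not all(k in fields for k in ("user", "action", "object")):
        return None
    fields["ts"] = ts
    return fields


def parse_log(text):
    """Parse every well-formed line of a log text, skipping the rest."""
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def find_anomalies(events):
    """Return a sorted list of (user, date, reason) findings."""
    findings = set()
    daily = defaultdict(lambda: defaultdict(int))  # user -> day -> sensitive reads
    for e in events:
        day = e["ts"].date().isoformat()
        if e["action"] in LOG_TAMPER_ACTIONS:
            findings.add((e["user"], day, "audit log cleared"))
            continue
        if e["action"] == "read" and e["object"].startswith(SENSITIVE_PREFIXES):
            daily[e["user"]][day] += 1
            if e["ts"].hour not in WORK_HOURS:
                findings.add((e["user"], day, "sensitive read outside working hours"))
    # Compare each day against the user's own baseline (mean of their other days).
    # A user with no other days has baseline 0, so any day at or above MIN_SPIKE is flagged.
    for user, days in daily.items():
        for day, count in days.items():
            others = [c for d, c in days.items() if d != day]
            baseline = mean(others) if others else 0
            if count >= MIN_SPIKE and count > SPIKE_FACTOR * baseline:
                findings.add((user, day, "sensitive read volume spike"))
    return sorted(findings)


if __name__ == "__main__":
    for user, day, reason in find_anomalies(parse_log(SAMPLE_LOG)):
        print(f"{day} {user}: {reason}")
```

On the constructed sample, alice's reads stay within her baseline and raise nothing, while bob's late-night burst produces three findings for 2024-03-06: the volume spike, the out-of-hours reads, and the log-clearing event. The last one matters most in practice: because an insider's clean-up is itself an auditable action, forwarding logs to a store the user cannot modify and alerting on clear or delete events turns the cover-up into a signal rather than a blind spot.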

The threat from insiders is growing, and it can strike any organization at any time, making insider threats one of the top cyber security threats. Insider threats cannot be completely removed, but companies have to adopt various strategies to minimize them.