Our data and systems are frequently under attack these days. The more traditional attack comes from external threats, like viruses or hackers trying to gain access from outside your environment. Threats from inside your environment are on the increase, though, so how are you going to approach securing your environment from within?
What is an Insider Threat?
"Insider threat" is a common term used by technical and non-technical people, but there are often slightly different interpretations of what it means. From my perspective, an insider threat is a security threat that originates from within the organisation being attacked or targeted. This could be anyone who has been given access to your environment now or at any point in the past. In the past, security threats were often dealt with via traditional security methods, like firewalls, to keep people out of your network. An insider threat is different in that you have given people access to your network but that access is being misused. Because it is internal, this can often be much harder to track and protect against.
So how common is this type of attack?
It is thought that there are millions of insider attacks every year, ranging in size from ones you don’t hear about to huge data breaches. It’s a very difficult statistic to nail down, but insider threats that leak data can take days, weeks or even months to identify. Most companies surveyed often don’t have anything in place to let them find these data breaches at all, which is why statistics are hard to quantify. The longer these threats remain undetected, the longer the data leak can potentially continue, and this can increase any regulatory punishment that may be imposed.
A survey that was carried out for us detailed that:
- 55% of insider incidents are due to privilege abuse
- 77% of employees admitted they had access to data they should not have
Perhaps the most startling statistic to go with this, though, is that one in every two employees believes it is OK to take company data.
Impact of Insider Threats
The three main areas where a data leak or configuration change caused by an insider threat impacts a company are:
- Impact on a company’s ability to do business due to downtime.
- Negative impact on a company’s reputation.
- Fines and punishments imposed by external regulatory bodies.
A company’s name can become infamous very quickly after a bad data breach. This can affect future business negatively, and it can take years for the company to fully recover its reputation. In addition, regulation is becoming more and more powerful, and the fines and punishments that regulators can impose are forever increasing.
What are common issues that companies experience?
The insider threat typically falls into one of three categories: malicious activity, negligent behaviour or an accidental breach. Malicious activity is obvious enough: an individual has decided to exploit the access they have in their employer's environment to release confidential information or cause internal damage, for material gain or some other motive.
Negligent behaviour is varied and can include things like employees not following the correct policy for storing sensitive information, or opening an attachment from an unknown source that triggers a ransomware attack. Finally, accidental breaches could include things like sending data to the wrong email address or sharing data that the employee did not realise was confidential.
What can we do?
There are a myriad of different approaches that companies can take to minimise the likelihood and impact of the insider threat, but I would suggest the following as some high-level activities to carry out:
- Educate employees to understand that they only have access to company data for their job; it is not theirs to use for any personal purpose.
- Dictate and enforce policies that define how your company will classify data and store data.
- Remove all system access when an employee leaves the company.
- Regularly check who has access to what and implement a 'least privilege' model.
- Implement privilege management for additional security on sensitive systems.
- Consolidate auditing of authentication and configuration changes from as many systems as possible for a holistic view of what is happening in your environment.
- Enforce a strong but usable password policy.
- Have a plan for recovering data or lost configuration if the worst happens.
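As an added example, not part of the original post or any product it mentions, here is a minimal periodic access review covering the leaver and 'least privilege' items in the list above. The account names, groups, role baseline and data layout are all constructed assumptions.

```python
from datetime import date

# Constructed sample data (not from the original post): an HR export and an
# account/entitlement export, as an identity team might pull for a review.
HR = {
    "asmith": {"role": "finance", "left_on": None},
    "bjones": {"role": "engineer", "left_on": date(2024, 3, 1)},
    "cwu": {"role": "helpdesk", "left_on": None},
}
ACCOUNTS = [
    {"user": "asmith", "system": "erp", "enabled": True, "groups": {"finance-read", "finance-post"}},
    {"user": "bjones", "system": "vpn", "enabled": True, "groups": {"vpn-users"}},
    {"user": "bjones", "system": "git", "enabled": False, "groups": {"dev"}},
    {"user": "cwu", "system": "ad", "enabled": True, "groups": {"helpdesk", "domain-admins"}},
    {"user": "svc-old", "system": "ad", "enabled": True, "groups": {"backup-operators"}},
]
# Hypothetical role baseline: the groups each role needs to do its job.
BASELINE = {
    "finance": {"finance-read", "finance-post"},
    "engineer": {"dev", "vpn-users"},
    "helpdesk": {"helpdesk"},
}

def review_access(hr, accounts, baseline, today):
    """Return sorted (user, system, finding) tuples for a periodic access review."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # disabled accounts cannot be used to log in
        user, system = acct["user"], acct["system"]
        person = hr.get(user)
        if person is None:
            # Orphaned account: nobody in HR data is accountable for it.
            findings.append((user, system, "no owner in HR data"))
            continue
        left = person["left_on"]
        if left is not None and left <= today:
            findings.append((user, system, f"leaver since {left.isoformat()}, still enabled"))
            continue
        # Least privilege: anything outside the role baseline needs justification.
        excess = acct["groups"] - baseline.get(person["role"], set())
        if excess:
            findings.append((user, system, "beyond role baseline: " + ", ".join(sorted(excess))))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review_access(HR, ACCOUNTS, BASELINE, date(2024, 6, 1)):
        print(*finding, sep=" | ")
```

Each finding is a prompt for a human decision (disable, reassign an owner, or record a justification), not an automatic removal.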
We have software that can help to combat the insider threat in a variety of ways. Why not come along and learn for yourself in London on 15th June or in Birmingham on 20th June, where you will be able to get ‘hands on’ with our products and understand how they can help to combat the insider threat?