As part of National Insider Threat Awareness Month, teiss spoke to ten leading cyber-security experts about the dangers of insider security threats.
It seems like every day there is a headline about another company falling victim to a cyber attack. However, as vigilant as an organisation may be, most overlook an important contributor to cyber attacks: insider threats.
With 61 percent of organisations experiencing at least one insider attack last year and insiders responsible for around 22 percent of all security incidents, organisations must scrutinise the threats walking through their door every day with as much rigour as they show when securing the perimeter from external attackers.
This National Insider Threat Awareness Month, teiss spoke to ten cyber-security experts about the dangers of insider threats, and how to reduce the risk posed by negligent or malicious insiders.
A problem exacerbated
“What makes insider threats most threatening is, almost without exception, they have the deck stacked in their favour,” said Tim Bandos, CISO at Digital Guardian. “The pandemic has shifted organisations’ data security needs. With the rising value and volume of digital assets, there’s greater risk of insiders leaking or stealing sensitive data. Once you grant insiders access to your network, perimeter security offers no protection.
“Bad actors enjoy the freedom that comes with trusted access and can compromise systems undetected. Guarding against insider threats requires a focus on understanding and securing the data itself and prompting users to do the right thing.”
“As companies move toward a hybrid work model, IT teams will be challenged with safeguarding sensitive corporate data from insider threats both in the cloud and on-premises,” agrees Anurag Kahol, CTO at Bitglass. “This further validates the need for complete visibility and control across the hybrid IT ecosystem.”
“As organisations push on with their digital transformation strategies and deploy a new generation of app-based services the risk of unauthorised access and data exposure is growing,” adds Liad Bokovsky, Senior Director of Solutions Engineering at Axway.
“Recent news stories about security vulnerabilities that have exposed private data have brought the issue of API security into sharp focus. Simple failures to treat API security with respect have resulted in some significant data breaches affecting millions of users. A lax approach to API security could leave the door open for an innocent insider to inadvertently share sensitive data with unintended recipients, as happened with the Peloton breach earlier this year.”
Regular training is paramount
When it comes to maintaining cyber vigilance, it pays to train all employees accordingly. Don Mowbray, EMEA Lead, Technology & Development at Skillsoft, suggests: “Consider giving end-users access to bite-sized learning that enables them to spot a phishing email and know when and why they shouldn’t click on a link or open a document.
“This represents a vital first line of defence for protecting the company’s network and data. Ensuring that those responsible for IT security are appropriately trained in how to implement best practice security guidelines and procedures is also critical.”
Gary Cheetham, CISO at Content Guru, agrees: “Regular training on cyber security and hygiene using engaging and accessible resources is the best way to minimise this risk.
“Content Guru’s Security team regularly phish test staff – sending realistic but fake phishing emails to employees to see how they respond. This helps us gauge how effective our cyber-security training is and make any improvements deemed necessary. New employees are by far the most susceptible to falling for phishing attempts, so attending mandatory training sessions early on is a good way of mitigating risk. We encourage our team to question anything that seems at all suspicious, and to go with their gut instinct or ask for advice where needed.”
“For me,” he adds, “the key takeaway for Insider Threat Awareness Month is that regular training on cyber security and cyber hygiene is the best way to cultivate a highly secure workforce.”
Implementing the right technology and attitude
Danny Lopez, CEO at Glasswall, notes that while employee training can be helpful in some cases, “it often overlooks the sophistication of cybercriminals and can create a fear-based culture where people are afraid to come forward if they’ve made a mistake.
“Your employees should not be your only line of defence against cyberattacks. Instead, your leadership teams should understand where your risk factors are and implement proactive technologies, such as Content Disarm and Reconstruction (CDR), which can deliver instant protection. In the face of increasing risk and intricate attacks, there’s no better time to make cybersecurity a top priority.”
“A comprehensive security program that covers both preparedness and visibility is the foundation to successful early identification of looming insider issues,” highlights Raffael Marty, SVP Cybersecurity Products at ConnectWise. “Preparedness is about planning for the day that something happens, and it should cover simple things like what the organisation does when an employee leaves and goes all the way to establishing preparedness for a sabotage event like ransomware or electronic time bombs.
“Visibility is about having line of sight to potential adverse actions. It starts with monitoring devices but expands to understanding what employees are doing and making sure they are trained on cyber security issues like phishing, which is still one of the main initial vectors of attacks.”
All about access
Insider threats are a risk to most organisations, but unfortunately they are very difficult to prevent when the insider is malicious: a disgruntled employee will most likely already have privileges to systems and data as part of their day-to-day role.
“There are two fundamentals I suggest to mitigate insider threat risk,” explains Michael Carr, Head of Strategic Development at Six Degrees. “Firstly, using role-based access based on principles of least privilege prevents accidental damage and minimises malicious risk by only giving users access to what they need. And secondly, enabling auditing ensures that even if you can’t stop a data loss or downtime event occurring, you can analyse how the event took place and take steps to stop it from happening in the future.”
“Critical contributors to insider threats are employee turnover, poor data governance controls and negligence,” agrees Neil Jones, cybersecurity evangelist at Egnyte. “A good first step to prevent ‘data leakage’ is to utilise a data governance platform that leverages machine learning, so that sensitive information is available to the correct organisational users, based on their business ‘need to know.’
“Negligence can be combated with proper training, and by limiting access to files across the company. There is no reason that someone in the finance department should have access to road mapped product development plans, without justifying their request with the product development team first.
“Limiting the spread of internal information will also enable your system to prioritise threats to your sensitive data. The best way to thwart a potential attack is by having a proactive approach in place that detects misuse before it’s too late.”
“To be secure while still effective, a collaboration solution must ensure that confidential materials can only be viewed by the appropriate individuals,” adds Dottie Schindlinger, Executive Director at Diligent Institute. “Sensitive communications should be conducted in a closed-loop environment that can be viewed only by the appropriate parties, even within the organisation.
“Open communication tools – like Slack, texting and personal email – are great for informal communication, but they don’t often provide the level of security or access privileges needed for sensitive communications between executives, the board, legal, HR, risk and compliance teams. They need secure environments and workflows that allow them to communicate highly sensitive information safely, without worrying that it might accidentally be misrouted, forwarded, leaked or even stolen.”
Kahol concludes: “Multi-faceted security platforms that are designed to monitor user behaviour, secure personal devices and prevent data leakage on any interaction are essential for defending against insider threats. By taking a vigilant approach to security, enterprises can confidently ensure sensitive company, employee and customer data is granularly secure.”