How can we mitigate the insider threat?
28 August 2018
Vendor View: Simon Cuthbert, Head of International, 8MAN by Protected Networks, discusses the reality of controlling the insider threat.
Cyber security strategies are crucial to any business, but how many businesses have a full strategy in place?
The need is apparent, and the risks are real, with red flags raised almost daily as news of yet another data breach hits the headlines. Whilst many organisations have technology and solutions in place to protect against hackers and outside vulnerabilities – the true threat comes from trusted insiders - both malicious insiders and negligent insiders.
The threat from malicious external hackers is often perceived as the larger and more critical threat, but attacks stemming from the hands of employees continue to wreak havoc. In fact, according to a survey of its attendees, organisers of the annual Black Hat security conference showed that 84 percent of cyberattacks reported had been due to human error.
The threat for any company, whether they have just 10 employees, or one hundred, is that they already have access to critical business systems and sensitive data. They are already one step ahead of the outsiders. The risks, however, don’t lie with those who have access based on their role and need, but those who have too much access. Additionally, those who change roles and shift responsibilities but still have access to unrestricted information - if employees continue to gain permissions they don’t require, they could very easily abuse this access.
The difficulty with employee access is being able to differentiate between a day to day job function and something more illicit. This is exacerbated when organisations allow access based on membership of a group or when they have different processes to grant access to software platforms. When dealing with trusted and authorised users, businesses need to have the ability to analyse, track and monitor who has access to what, when and how – this is critical to securing intellectual property.
User Access Control policies and practices are crucial to impeding an insider’s ability to access sensitive information unnecessarily or use it for wrong doing. Businesses need to manage access controls, user permissions and monitor user actions to help avert or limit an organisation’s exposure to insider attacks. By managing and monitoring access to key assets, they are able to react faster to mitigate incidents when an anomaly is spotted. Policies can be straightforward, as simple as ticking a box that prevents employees having more access to confidential data than their current job requires. Additionally, this should be reviewed to avoid employees accumulating access rights and not having them revoked when required.
Organisations need to employ solutions that give them the visibility and control they need in order to protect access to their data. Of course, like all IT-focused solutions, organisations need to choose something that's efficient and effective but also easy-to-use. Employees need a simple way to ask for access, IT admins need a simple but structured way to grant that access, and senior management need reports that are easy-to-read and digest and offer a clear overview of the access situation at all times.
This isn’t simply a means of protecting data, but also ensuring compliance with regulations such as GDPR. By having the right solutions in place, if a business should be audited at any given point, an auditor will be able to see all the access rights of an employee. Businesses can show who has access to particular folders, and reports can be configured with just a few clicks, are understandable by everyone, and can be transmitted automatically.
Policies that limit access, combined with employee education, are crucial. If organisations start to face the reality of insider threats, they’ll invest more in preventing these security incidents from happening, and less time investing time and money into the fallout after a breach has occurred.