teissTalk: Malicious or non-malicious – tackling the remote insider threat

teissTalk host Geoff White was joined by Hans-Peter Bauer, Senior VP EMEA, Cybersecurity, BlackBerry; Neil King, European Business & Information Security Specialist, Canon Europe; and Robin Lennon Bylenga, Human Factors in Information Security, Co-founder of global Human Factors cybersecurity council, and HFACS-Cyber specialist.

 

Views on news

 

Remote work makes insider threat more of a risk by increasing both the chance of employees deliberately undermining the security of the company or being tricked into doing so.

 

Also, employees with a grudge are more likely to take an opportunity to either steal company data themselves or hand it over to cyber-criminals when working from home. 

 

This year’s National Insider Threat Awareness Month, led by the US National Counterintelligence and Security Center (NCSC) and National Insider Threat Task Force (NITTF), focuses on preventing employees from stepping on this path and become inside threats themselves, using the theme ‘Critical Thinking in Digital Spaces.’ Cyber-criminals approach employees privately or even advertise that they are looking for employees in particular organizations. In times of economic uncertainties, employees will become more susceptible to colluding with criminals for the financial gains they offer.

 

Criminals can also take advantage of remote workers knowing their colleagues less than before. In addition to training staff, implementing access management software and network segregation, it’s also key that organizations have a mechanism for monitoring social media and the dark web, channels that criminals tend to use when approaching their victims.

 

Having realised the importance of security and the changes in buyer preferences, BlackBerry has now become a leading provider of intelligent endpoint security solutions that can be deployed in WFH environments too.

 

How to detect and eliminate internal threat?

 

One way of minimising the risk presented by inside threat is to monitor employees, which can only happen in EU countries with the consent of the subjects. Companies also need to put resources towards neutralising the data they gather, which makes it harder to tie illicit behaviour to inside threat actors. Contextualising anomalous behaviour is key to eliminating false positives – an employee logging on at 3 a.m. may mean rather different things if they’ve just had a baby or if they are about to leave the company.

 

Bans on default passwords in the EU, the UK and California are also expected to raise users’ awareness of secure access management. In addition to sectioning of access and implementing the principle of least privilege, UEBA solutions can also be instrumental to internal security.

 

Especially so, as a recent study found that 70 per cent of young employees completely ignore any IT security policies. Although HR knows the most about the circumstances of individual employees, e.g., who is about to hand in their notice, teams should play an equally important role as they engage with colleagues and learn about their problems on a daily basis.

 

The panel’s advice

 

Training janitorial staff in order to teach them what signs they should look for to detect insider threat can increase the effectiveness of monitoring.

 

UEBA (User and Entity Behaviour Analytics) can provide great insights for IAM and risk teams.

 

Make your people feel comfortable about reporting things that they detect and find unusual or alarming.

 

Efforts to improve employee well-being can also be an important factor in the prevention of insider threat from disgruntled staff members.

 

Watch on-demand here.