New research by Forrester released in their Understand the State of Data Security and Privacy Report shows that organizations lack awareness of internal threats. Meanwhile, insiders were the top source of data breaches during the last year.
The insider threat might not be as malicious as it sounds. It can be as simple as employees mishandling data in a way that gives cyber criminals an opportunity to grab it. The Forrester report also found that 57% of employees were unaware of their organization’s security policies. Of course, sometimes the insiders are malicious, which is why it’s also important to know what’s happening on your network.
Malicious or not, it’s time to deal with the insider threat.
Know where the risk is
There are three primary categories of insider threat: intellectual property, fraud and damage to information resources. Each category tends to involve insiders in a specific business role.
The theft of intellectual property is typically perpetrated by a creator of the property. Intellectual property created by a business for its own use might include software, trade secrets, engineering designs or drawings. When creators steal intellectual property, it’s sometimes because they believe they actually own it, or because they have access to it and there’s a financial incentive to steal it.
To mitigate this risk, monitor the common removal paths: company email, remote network access, storage on mobile devices, file transfer services.
Fraud is typically perpetrated by non-management and non-IT personnel and involves financial gain. Three conditions must be met for fraud to occur:
- Employee has personal financial pressures
- Employee has access; there are vulnerabilities in the organization’s process
- Employee convinces herself that the financial gain is greater than the ethical concerns
Removing any of the three conditions will significantly reduce the risk of fraud. The easiest place for a company to focus is on process. Your payroll and vendor payment systems should include checks and balances to ensure employees cannot easily create false accounts and siphon money.
Damage to information resources
Damage to information resources is typically perpetrated by IT personnel with administrator-level access who aim to significantly damage a business process in a way that harms the organization. That type of damage often requires administrator access, but perpetrators don’t necessarily want to make themselves known and often set up additional fake administrator accounts. Proper log management can help you detect any false administrators and identify who created them.
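One way to implement the log check described above, as an added example that is not from the original article. The JSON-lines export format, the account names and the approved-grants list are constructed assumptions; the event IDs are the Windows Security log IDs for account creation (4720) and group-membership additions (4728, 4732, 4756).

```python
import json
from datetime import datetime, timedelta

# Constructed sample events in a simplified JSON-lines export (assumed format).
# 4720 = user account created; 4728/4732/4756 = member added to a
# security-enabled global/local/universal group.
SAMPLE_LOG = """\
{"time": "2024-03-04T09:12:00", "event_id": 4720, "actor": "hr-provision", "target": "jsmith"}
{"time": "2024-03-04T09:15:00", "event_id": 4728, "actor": "hr-provision", "target": "jsmith", "group": "Sales"}
{"time": "2024-03-09T23:41:00", "event_id": 4720, "actor": "adm-kwong", "target": "svc-backup2"}
{"time": "2024-03-09T23:43:00", "event_id": 4728, "actor": "adm-kwong", "target": "svc-backup2", "group": "Domain Admins"}
{"time": "2024-03-11T10:02:00", "event_id": 4732, "actor": "adm-lee", "target": "adm-ortiz", "group": "Administrators"}
"""

PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
GROUP_ADD_IDS = {4728, 4732, 4756}
# Assumption: approved admin grants are recorded as (actor, target) pairs
# taken from change tickets.
APPROVED_GRANTS = {("adm-lee", "adm-ortiz")}

def find_suspect_admins(log_text, approved=APPROVED_GRANTS, window=timedelta(hours=24)):
    """Return unapproved privileged-group additions, with who created the account."""
    created = {}   # target account -> (creator, creation time)
    findings = []
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["event_id"] == 4720:
            created[ev["target"]] = (ev["actor"], when)
        elif ev["event_id"] in GROUP_ADD_IDS and ev.get("group") in PRIVILEGED_GROUPS:
            if (ev["actor"], ev["target"]) in approved:
                continue
            creator, born = created.get(ev["target"], (None, None))
            findings.append({
                "account": ev["target"],
                "group": ev["group"],
                "granted_by": ev["actor"],
                "created_by": creator,  # None if creation predates the log
                # Account created and elevated by the same person within the window
                "self_made": creator == ev["actor"] and when - born <= window,
            })
    return findings

if __name__ == "__main__":
    for finding in find_suspect_admins(SAMPLE_LOG):
        print(finding)
```

A finding with `self_made` set is the pattern the paragraph describes: one administrator creating an account and promoting it shortly afterwards. A finding with `created_by` of `None` means the creation event falls outside the retained logs.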
More suggestions for mitigating the insider threat
Managing your security controls will help you mitigate the insider threat:
- Access control – access to sensitive data should be controlled and granted on a need-to-access basis only
- Remove access rights as soon as employees leave
- Regularly review access privileges
- Create and enforce a strong password policy
- Provide awareness training so all employees know security policies
Understanding where the threats are and who the most likely perpetrators are is a good start to understanding the insider threat. Once your organization understands the risks, it’s time to put security policies into practice. As long as you have employees, you have insider threats; malicious or not, you need to protect yourself against that threat.