Managing Insider Threats

By Sharon Sarah Thawaney, Intern at Cyber Peace Foundation

An insider is an individual who is hired by an agency and has access to facilities, sensitive information, organisational data, information systems and other equipments. They may have accounts giving them legitimate access to computer systems, and hence, with this access which have been initially allotted to them as their prior duties; these in turn can be used to bring harm to the organisation.

An insider comprises of employees, third party contractors, and business partners as well; basically all those who have legitimate access to that data and infrastructure. Most common insiders are those that have elevated access where they can utilise sensitive information without drawing suspicion. Insider threats can entail abuse of privileged access to steal, corrupt, or destroy valuable company or employee data.

An insider may attempt to steal property or information for personal gains, or to benefit another organisation or country. These attacks may range from information data being stolen to destruction of business property. Insiders may perform the following threats against their organisation :-

According to a report by the Association of Certified Fraud Examiners, US Organisations lose an estimate of $652 billion dollars to fraud annually.

Unfortunately the threat of fraud is not limited to the threat of an insider, but there are other factors like sabotage, negligence, human exploitation and error to be considered.

Many a times like all other business organisations, leaders tend to put their faith on their own judgement and intuition upon the people the hire, while putting forth the best interest of the organisation at heart and exercising appropriate care when it comes to the company’s security. But due to men’s strong adventurism, at some point the trust gets betrayed by a malicious insider. And as absurd as it may seems even human negligent seems to be one of the leading factors of insider threat.

Although you cannot completely eliminate the risk posed by insider threats in cyber security, there can still be ways by which you can undertake to reduce the chances of a breach; and the potential damage an insider can cause by making security a priority.

When developing policies to mitigate or prevent insider security risks, security officers must consider specific approaches and tools. However this can be challenging for various reasons :-

Recent industry research demonstrates the increasing importance of Insider Threat Management, with security experts define these attacks the most silent and devasting.

The most serious security threats in cyber security usually occur when employees and partners leave vents intentionally open for perpetrator, either through personal negligence, poor or inadequate security practices, or both.

Unsecured Software

This is the first major security threat. This problem highlights the undying fact that most hackers are motivated by profit and not by challenge.

From unpatched vulnerabilities to third party apps installed by employees, unsecured software is one of the biggest threats to companies. According to Verizon’s 2015, Data Breach Investigation, 99% of successful hacks have been known for at least a year. Sometimes the IT team is negligent, but often there are complex organisational or infrastructural problems behind poor software security; like the staff maybe many a times be overburdened and may not have the time to keep overburdened with the latest patches, or not have the necessary expertise in systems administration. Companies may also at times store old data in silos, and these serve as back doors for thieves.

Hence therefore, this is a complex problem and requires a really good solution as well. On the administrative end, companies need to audit their systems, and make sure their software is up to date, and regularly being patched. Legacy systems should be mitigated to more secure, to more modern systems. For employees and contractors, companies need to strictly control app use, enforcing a software whitelist to prevent breaches through low-security apps. And most importantly they need to mitigate risks of potential security breaches through the use of encryptions, combined with the use of good password enforcement and access control, encryption will make breaches less likely, and drastically limit how much information can a hacker access. It narrows down the proportion of the loss of a few records, and a big, expensive breach.

Unsecured Devices

Its seen that it is much harder to secure mobile devices scattered around the world then it is to secure a row of office computers on a company network.

There are a huge number of ways employees can breach security on their personal devices, including -

The following are a few ways to combat the above :-

Bad Access Practices

In a recent survey, it has been pointed out that 73% of online accounts use duplicate passwords, and 47% of users have not changed their passwords in five years or more. Plus there is always the prevalence of easily hackable passwords like “1234” or “qwerty” and so on. So, if an employee shares one esily guessed password across their accounts, in just a flash the hacker will be able to get access to EVERYTHING — bringing the whole system down.

Other bad access practices include ;- * Storing passwords in browsers or on shared or pub;lic computers. *Failing to clear the browser cache after using public browsers. *Leaving computers logged in and unsupervised. *Jumping online secured wifi

Saving passwords in unencrypted documents.

You can never completely erase the carelessness of even the best employee, but you can mitigate the risks. One of it is by employing, multi factor authentication, by which employees will have to enter both a password as well as a code sent to their phones every time they login. Along with a strong password policy needs to be implemented, with frequent changes to reduce the risks of breaching into an employees account.

Email Accidents

Email accidents happen all the time. From sending the wrong mail to somebody or maybe sending it accidentally to “all”, instead of just one particular person. Many of us have faced this, little did we know how serious this can be when dealing with a potential risk of hacking. One mistyped address can break compliances, or even leak a document.

Hence there should be certain rules to be followed that can be followed to reduce these very fatal accidents-

There should also be the proper training of an employee in accordance to these rules, decreasing the likelihood of future compliance violations while preventing immediate breaches.

Malicious Insider

There will always be insider threats in any organisation, as you cannot keep your data 100% safe from the people you give it to manage it. Insiders are always going to a major risk, as they are past your defences. They know and have the sensitive data at hand, and know the exact weaknesses, which can help them get out their value.

The only hope of overcoming these tendencies is making security a priority across the organisations. No matter how good your intrusion detection systems and firewall, careless and malicious insiders will always pose a threat to security. Encryption prevents catastrophic breaches, by building walls around each piece of data.

The complexity of detecting and responding to insider threats means that there is no single solution that can claim to eliminate the risk entirely. Instead, organisations should look to implement a layered approach, encompassing a range of security controls and processes.

CITATIONS:

Related posts:

Existen numerosos artículos donde encontramos información sobre el ciclo de inteligencia OSINT. Partimos de un dato (fotografía, nombre de usuario, dirección de correo electrónico, localización…

Over the past couple of years, I journeyed down to UNHCR’s branch office in Lilongwe, Malawi multiple times, working across projects from connectivity to community radio. The communities of Dzaleka…

I am seeing a TON of hype right now about the end of the decade. But I’m not great with endings. They can be messy, and you can’t change the end of things. Personal or business. Beginnings are…