29 Sep Insider Threat Prevention in Cybersecurity
Insider threats have always been a significant possibility for many organizations, but in recent months we’ve seen a boom in incidents highlighting this particular risk. Insider threat prevention can be a difficult task to handle, as it generally encompasses viewing your own employees in a poor light and visualizing the negative impact they could cause.
It’s also unsettling to recognize that you will never be able to eliminate insider threats within cybersecurity, because there’s no way to keep data completely safe from the people you give it to. Insider threats know your weaknesses and are already past many of your defenses.
In the blog below we will define insider threats and what your organization can do to prevent both insider threat instances and the negative results that follow.
Insider Threats Defined
An insider threat is, as the phrase implies, a threat that comes from inside your organization. If you want to simplify it more, insider threats boil down to the risk of malicious or negligent human action.
According to the Department of Homeland Security, intentional insider threats include sabotage, theft, espionage, fraud, and competitive advantage. These are malicious in intent, but not necessarily any worse than unintended actions. These types of threats include human error or unintentional aiding and abetting, such as ignoring policy for convenience, clicking on phishing links, or losing credentials. Both malicious and unintentional actions have the capability to cripple an organization.
Who insider threats include:
- Current employees
- Former employees
- Business partners
- Any person with inside information or access
The Surge of Insider Threats
In recent months we’ve seen cybercriminals taking advantage of the global pandemic, increasing both the frequency and scope of their attacks on unprepared organizations.
Deputy assistant director of the FBI’s Cyber Division, Tonya Ugoretz, stated that the Internet Crime Complaint Center was receiving between 3,000 and 4,000 cybersecurity complaints each day. This is a notable increase from about 1,000 complaints that were received prior to the COVID pandemic. While we don’t have an exact number, it’s safe to assume that a large portion of these incidents is resulting from insider threats.
According to Verizon’s 2020 Data Breach Investigations Report, 30% of breaches were caused by insiders.
Lately, we can understand the increase in breaches by taking a closer look at our workforce. This is a difficult time that evokes a lot of emotions, which can cause people to act in new, unpredictable ways. As we discussed, insider threats can be intentional or negligent.
Current factors that can create intentional insider threats include how the company reacted to the COVID crisis. Perhaps a specific employee was laid off, suffered a pay reduction, or was forced to work in an environment they believed to be unsafe. All of these instances can trigger an emotional response that expresses itself in the form of sabotage. A financially motivated employee might resort to theft or espionage, either to make up for lost wages or just to take advantage of a situation.
Unintentional mistakes are even more likely because many employees would not have received the proper training to work remotely, and many companies reported difficulties managing user access and VPNs. The reality is that not many businesses were prepared to work remotely on the scale that COVID forced. Some workers may have even used unapproved software or device to simplify tasks that became more difficult from a home environment. In an environment where work policy is not clear, users may resort to personal practices that may not be the most secure. These include saving passwords online, not locking your device when leaving it unattended, or browsing the web on an unprotected network.
Examples of Insider Threats
Typically insider threats are related to access or information that an individual has. This can include theft of materials if a shop manager has access to a storage unit, installing malware, selling code to a competitor, financial fraud, leaking employee documents, and countless other examples.
Whether due to intentional interference or employee negligence, these incidents have highlighted an important security risk: insider threats.
Ransomware remains a prevalent threat to organizations as well, capitalizing on employees working in new, unfamiliar environments. The shifting workspace brought by COVID has required everyone to adapt to new policies and procedures, often without time for proper training to occur, creating a vulnerability. Even as some employers reopen their offices and stores, many employees may still be operating remotely or on a hybrid schedule. The result is an expected increase in insider-caused information security compromises as the pandemic continues.
Preventing Insider Threats
To prevent insider threats, organizations need to maintain communication with their employees and foster a positive work environment. With millennials, which will make up 75% of the workforce in the next 5 years, appreciation goes a long way. According to a study, 28% say that feeling appreciated contributes to employer loyalty. A happy, more loyal employee is less likely to intentionally create issues, and also less likely to make mistakes.
In addition to caring for your employees, follow the steps below to reduce your risk.
Know Insider threats
First, organizations need to be aware of the potential of insider threats and the different possibilities that could unfold. Knowledge is the key to prevention.
Implement a system for detecting abnormal behavior. Organizations, knowing what to look for, can begin monitoring for suspicious or risky activity. Managers should have a good handle on if their employees are ignoring policies or engaging in tasks outside of their normal job functions. Keep detailed records of everyone’s access and review periodically. Review logs of downloads for sensitive information and scan employee emails for abnormalities.
Restrict access, limit workers to only data necessary for their jobs. Create and enforce policies and controls that disallow the use of unauthorized behaviors or tools. Examples include locking workstations, prohibiting flash drives, password requirements etc. Increase employee training and highlight cybersecurity issues with remote working.
Companies that are able to anticipate insider threats utilize the resources towards proper prevention and stand the best chance of mitigating insider threat risk.