If you think a strong security system is all about how well it can restrict infiltration by intruders into your infrastructure then it’s time to re-think what security means. While protecting your business from external attacks is important you shouldn’t ignore the possibilities of internal security breaches either.
A recent SANS survey on insider threats sponsored by SpectorSoft, conducted on 772 IT security professionals across several industries, revealed some surprising and interesting information about how they detect and prevent insider threats.
Let’s take a look at the key findings of the survey and see what we can learn from it.
Common Causes of Internal Threats
According to the findings, here are several reasons why insider threats occur. The good news is that anomalous behavior is a common thread that organizations can use to identify and respond to these threats. User Behavior Analytics detects unusual activity or behavior by authorized users on the inside—whether it’s an overt inside attack or an outside attacker using compromised credentials.
52 percent respondents noted that negligent employees, who are targeted by attackers and manipulated without their knowledge are the major inside threat.
Inability to Protect from Inside Attacks
68 percent of respondents believe they can prevent attacks, but 75 percent of inside attacks go unreported, and surprisingly 36 percent of organizations find a lack of evidence as the major reason behind it. While organizations can repel basic attacks, they fail to protect themselves from inside attacks.
High Dependency on Administrative Solutions
Heavily relying on administrative solutions such as policies and procedures without having any technology in place to monitor compliance and enforcement make businesses vulnerable to inside threats. 40 percent of the respondents admitted that a lack of technology solutions makes their jobs more difficult.
Security Tools Ineffective Against Internal Threats
36 percent of respondents admitted their preventive measures are ineffective. The reason is that the most common devices being used such as firewalls and IDS/IPS are only capable of defending against external threats, and not internal ones.
Similarly, although 69 percent of respondents said they have an incident response plan (IR) plan in place, half of those plans do not include any specific provisions to counter internal threats.
Not Looking in the Right Place
66 percent of respondents said they never experienced an internal attack. While that sounds good, there could be a possibility that they never realized the attack happened.
You need to alter your action plan and security strategy by checking access logs and conducting internal audits on the use of memory sticks and external hard drives on your computer systems. These tasks can be automated as well by using tools that focus on such insider threats.
Assessing Your Vulnerability
According to the report, here are a couple of questions you need to ask yourself to assess your organization’s vulnerability to insider threats.
- What information has a higher exposure to the attack? What systems contain that information?
- Who has access to sensitive information? How would the attacker target that individual?
- What could be the easiest way to compromise an insider?
- What measures and solutions do you have in place to detect and prevent attacks?
- Are there any loopholes in how you deal with insider threats?
- Does your current IT budget address insider threats well?
So can your security system detect and protect you from insider threats? Have you experienced any internal data breaches? Does your organization have tools to monitor user behavior and alert on unusual activity?