Insider Threats: Keeping the Cyber Boogeyman Out

There’s a reason why National Cybersecurity Awareness Month coincides with the Halloween season. After all, what’s scarier than a cybercriminal making his way into an organization? Well, for starters, how about the employee who may unknowingly be to blame for giving him access?

The cybersecurity industry’s beginnings were all about protection from the cyber version of the “boogeyman.” Developing technologies like firewalls and anti-virus, as well as security information and event management (SIEM) tools to identify the start of an attack from external sources, the industry was focused on defense-only strategies.

However, the cybersecurity trailblazers of the early 2000s overlooked the importance of prevention. Today, the advancement of technology has given the cyber boogeyman access to modern-day organizations and free rein to conduct malicious activity and take advantage of unintentional insider threats. According to recent Vanson Bourne research, insider threats are rapidly becoming the number one source of cybersecurity threats. With more than 88 percent of organizations experiencing cyber risks caused by careless employees, there’s a lot to be said about the current state of cybersecurity awareness and training (or lack thereof).

To better address the growing threat that today’s employees pose, organizations must first identify where they (often unknowingly) lurk.

Find out where the cyber boogeyman is hiding

The cyber boogeyman is a shapeshifter of sorts, masking itself in a variety of different ways to attack organizations. However, there are three “forms” that appear most frequently:

1. Malicious insiders:

When considering insider threats, many think first of deliberate malicious activity. Malicious insiders are employees who attempt to steal or leak data to purposely damage the organization, and high-profile companies are often at risk (similar to the incident in which a Morrisons supermarket employee stole the data of 100,000 staff members).

2. Careless insiders:

Perhaps the most frightening of all, careless insiders are exactly what they sound like – employees who simply don’t care or aren’t aware of their company’s workplace cyber policies (60 percent of them to be exact). This includes those who send confidential data over unsecured networks or use public file syncing platforms (e.g. Google documents) for information that could put the organization at risk of leaks.

3. Compromised insiders:

The compromised insider is often the result of a careless insider. This is an employee whose email account has been taken over by a malicious actor through credential harvesting, social engineering, phishing emails or malware in order to steal information or make fraudulent financial transactions. These “insiders” are increasingly becoming a prime target for cybercriminals. So much so that the same Vanson Bourne report referenced above found that 49 percent of organizations have experienced malicious activity spread from an infected user (the compromised insider) to other employees via infected email attachments.

Learn how to tame the beast inside

Thankfully, for those who worry about the cyber boogeyman lurking throughout today’s offices, there is no shortage of strategies to combat him. When working to identify the solution(s) that work best for organizations’ needs, three things should be kept in mind:

1. Invest in cyber training and awareness for all employees

Training employees – C-suite members included – regularly is key to avoiding careless or compromised insider incidents. Today, just 11 percent of organizations continuously offer cybersecurity exercises and training to help employees gain a greater understanding of the basics, as found by the Vanson Bourne research. The further employees’ awareness and knowledge develop, the more likely they are to identify, prevent and stop active threats from interrupting business.

2. Use role-based access management

Limit malicious actors’ power to cause significant damage by using role-based access management controls, particularly for critical systems and highly privileged users, such as IT administrators. By restricting users’ access to only the information they truly need to fulfill their day-to-day responsibilities (the marketing department, for example, has no need for access to employees’ W2 forms), cybercriminals’ “target pool” shrinks.

3. Deploy the right tech for each respective organization

Monitor and block the movement of sensitive data outside the organization via email, web, attachments, the cloud and more. Ensure that the technology works in real time, meaning that it doesn’t introduce any meaningful latency when analyzing incoming threats. It should be able to provide a conclusive result (quarantine vs. clean) instantly.
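To make the role-based access management point (item 2 above) concrete, here is an added example, not code from the author or Mimecast: a deny-by-default role check plus a small access review that flags sensitive grants held by the wrong roles and grants that are never used. All role names, resource names and log entries are constructed for illustration.

```python
"""Added example: deny-by-default RBAC plus a least-privilege review.
All role names, resource names and log entries are constructed."""

# Role -> set of (resource, action) grants. Anything absent is denied.
ROLE_GRANTS = {
    "marketing": {("campaign-assets", "read"), ("campaign-assets", "write"),
                  ("hr/w2-forms", "read")},      # excess grant to be caught
    "payroll": {("hr/w2-forms", "read"), ("hr/w2-forms", "write")},
    "it-admin": {("mail-gateway", "admin"), ("hr/w2-forms", "read")},
}

# Sensitive resources and the only roles approved to hold grants on them.
SENSITIVE = {"hr/w2-forms": {"payroll"}}

# Constructed access log: (role, resource, action) actually exercised.
ACCESS_LOG = [
    ("marketing", "campaign-assets", "write"),
    ("payroll", "hr/w2-forms", "read"),
    ("it-admin", "mail-gateway", "admin"),
]

def is_allowed(role, resource, action, grants=ROLE_GRANTS):
    """Deny by default: unknown roles and ungranted pairs are refused."""
    return (resource, action) in grants.get(role, set())

def policy_violations(grants=ROLE_GRANTS, sensitive=SENSITIVE):
    """Grants on sensitive resources held by roles not approved for them."""
    return sorted(
        (role, res, act)
        for role, perms in grants.items()
        for res, act in perms
        if res in sensitive and role not in sensitive[res]
    )

def unused_grants(grants=ROLE_GRANTS, log=ACCESS_LOG):
    """Grants never exercised in the log: candidates for removal."""
    used = set(log)
    return sorted(
        (role, res, act)
        for role, perms in grants.items()
        for res, act in perms
        if (role, res, act) not in used
    )

if __name__ == "__main__":
    print("violations:", policy_violations())
    print("unused:", unused_grants())
```

The review surfaces both the marketing grant on W2 forms and the IT administrator's standing read access, which is the kind of highly privileged account the text singles out.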

This month especially, be sure to avoid living out your own cyber horror story. By identifying and limiting the power the cyber boogeyman has over employees, companies can help to safeguard corporate data, defend their businesses and, ultimately, protect their bottom lines.

About Author

Meni Farjon is Chief Scientist of Advanced Threat Detection for Mimecast
