According to research from CA Technologies, over half of cybersecurity professionals, or 53 percent, have confirmed an insider attack against their own organization in the past 12 months. These insider threats have had disastrous, sometimes even tragic, results for governments and businesses alike. There is a widespread desire to better protect against insider threats, with the same research noting that 90 percent of organizations recognize it’s necessary to monitor and profile how insiders are accessing sensitive data.
However, most companies still need to enact best practices to combat internal actors that might pose a risk – be it through accident, negligence or malice. It’s crucial for cybersecurity organizations to have plans in place to identify, assess, and address insider threats. This means deploying the right policies, increasing awareness and training, shifting culture, and rationalizing technology. Not all insider threats are malicious. Many are honest mistakes or careless behavior, but that doesn’t change what’s at stake.
State of Risk
An insider threat is the potential for an individual who has or had authorized access to an organization’s sensitive data or assets to put the organization at risk and negatively impact various aspects of the business. An insider attack can be expensive or impossible to remedy, not to mention the cost of rebuilding brand trust and image. According to further research from CA Technologies, 66 percent of organizations consider malicious insider attacks more likely than external attacks.
There are various behavioral traits that can help identify the risk of an insider threat. Common ones include resignations, being let go, a lack of proper training and education, and discontent, as shown by voiced grievances about the company.
Insiders can have access to everything from IP-related data and company financials to privileged account information, personal employee data, and operational and infrastructural data. As security stacks become more complex and many firms fail to properly train employees on secure use, insider threats have only grown.
The best way to mitigate insider threats is to take a checklist approach to the various components of preparation, protection and ongoing training that organizations need to reduce the risk of insider threats or their impact.
For example, policy and process are crucial. Does your team have processes in place to reduce the likelihood of insider threats? Do you have the right team in place to do this, e.g. a task force that includes leadership, IT, HR and other stakeholders? Are these processes being monitored for effectiveness and updated when necessary? Do you have the right tech in place to support policy compliance, the same way that you plan for, deploy, monitor and adjust technology used in other facets of your business?
Of the utmost importance is awareness and training. Companies should have programs in place and ensure that C-suite level folks, managers across the board and internal communication teams are all reinforcing that program. All organizations should have a security culture improvement program, but especially those within the cybersecurity industry.
Government enterprises can face additional challenges, like the recent 35-day partial government shutdown, that can exacerbate the risk of internal threats. It’s very difficult to show your employees that they are valued when they are being furloughed or asked to work without pay. But across industries, employees need to feel like they’re important and part of a greater team working towards the same goal. This makes it less likely that you will have disgruntled employees who seek to harm the company or are careless and cause accidental harm.
A More Balanced Internal and External Threat Investment
Organizations must evaluate both current risk and the measures in place to mitigate internal as well as external threats. While threats can come from unlikely places and people, there are well-known and traceable triggers for insider attacks that allow security teams to organize effective detection and barriers to harm.
Ultimately, companies must invest the same level of technology within their own walls that they do externally. Best practice calls for identification, proactive, and reactive measures. While we will never have ultimate control over risk associated with any attack, organizations have a much greater opportunity to take measures to understand and combat internal risks. It’s time to act on that opportunity.