Insider Threat – Is your organization at risk?

With the ongoing pandemic, companies have increasingly adopted work-from-home policies for most of their employees, contractors, suppliers, and partners. This digital transformation provides the flexibility to work from anywhere, but it does not come without risk. Insider threats are a looming security concern for many organizations today. Insider threats arise when employees or contractors accidentally, or deliberately, misuse a company’s sensitive data or access privileges and become involved in malicious or fraudulent activity that puts the organization and its data at risk.

As organizations begin to adopt cloud technology, there is a risk that data will be stolen, or that systems will be sabotaged, by an insider. Cloud environments are more exposed to insider attacks because of weak identity and access management, insecure authentication, or insecure APIs, and because organizations often lack the tools to monitor for abnormal behavior across their cloud infrastructure.

Understanding the Causes and How They Occur

Insider threats occur due to compromised accounts, careless misuse, or malicious insiders. Improper compliance and poor security hygiene, such as account sharing, can lead to account compromise and insider attacks. The primary goals of these attacks include financial fraud, the theft of intellectual property (IP) to sell, IT sabotage, snooping, and leaking sensitive information.

Flight Risk Behavior

An employee who is on the edge of being terminated or otherwise leaving an employer may exhibit flight risk behavior. This behavior might lead to the exfiltration of sensitive company information such as IP, company financials, or customer data, to financial account fraud, or to data loss through corruption or deletion. According to the 2020 Insider Threat Report, almost 80% of employees planning to leave an organization take data with them. This is the cause of 60% of the insider attacks that happen in an organization. After evaluating 300 confirmed incidents across eight different industry verticals, pharmaceutical companies (28.3%), financial organizations (27.7%), and IT organizations (13.2%) ranked the highest for insider threat attacks.

As organizations go through a digital transformation and migrate to the cloud, data exfiltration is increasingly accomplished through email, web uploads, or cloud storage sites. Theft of data by USB or hard drive is less common, as organizations have hardened endpoints such as laptops and workstations. The use of cloud collaboration tools like Dropbox or Box to share data makes it harder for security operations teams to detect insider threat attacks.

Protect Against Insider Threats – Beyond the Perimeter!

Many organizations use traditional technologies like data loss prevention (DLP) tools, privileged account management (PAM), and other point tools to detect and mitigate insider threats. But there is no ‘one size fits all’ solution that can prevent and mitigate these risks. Point tools alone are not sufficient to detect and defend against insider attacks, given the complexity of the cloud environment and the lack of effective monitoring tools. Detecting these anomalies and abnormal behavior patterns also requires advanced security analytics.

A recent webinar “Protecting Against Insider Threat 2020”, jointly hosted by Forrester and Securonix, highlights behavior patterns, detection techniques, key trends, and observations on insider threats as well as discusses some of the best practices that you may want to include in your insider threat program in your organization.

Some key considerations are:

  1. Implement effective tools to gain increased visibility into 3rd party access.
  2. Improve the effectiveness of your existing DLP tools.
  3. Use UEBA (user and entity behavior analytics) to cover the blind spots in your DLP tools and to monitor user behavior in cloud infrastructure.
  4. Train and educate employees.
  5. Use a robust process to control what your employees have access to, and broadly minimize the risk by limiting privileges and permissions to confidential information.
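The UEBA idea in item 3, and the cloud-upload exfiltration channel described earlier, can be illustrated with a small baseline-and-deviation check. The following is an added example written for this page; it is not Securonix code and not a description of any product. It assumes upload telemetry has already been normalized into (user, day, destination, bytes) tuples, which is an assumption, and the sample events are constructed. Per user, it builds a baseline from earlier days, z-scores the day under evaluation, and separately flags a destination the user has never uploaded to before (a DLP blind spot, since the content may be unclassified). Users on a departure watchlist, the "flight risk" case above, get a lower threshold.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample telemetry, not real data: (user, day, destination, bytes uploaded).
# "bob" has a steady baseline to a corporate share, then a large upload to a new site.
SAMPLE_EVENTS = [
    ("alice", "2020-06-01", "share.corp.example", 200_000_000),
    ("alice", "2020-06-02", "share.corp.example", 180_000_000),
    ("alice", "2020-06-03", "share.corp.example", 220_000_000),
    ("alice", "2020-06-04", "share.corp.example", 190_000_000),
    ("alice", "2020-06-05", "share.corp.example", 210_000_000),
    ("bob", "2020-06-01", "share.corp.example", 50_000_000),
    ("bob", "2020-06-02", "share.corp.example", 40_000_000),
    ("bob", "2020-06-03", "share.corp.example", 60_000_000),
    ("bob", "2020-06-04", "share.corp.example", 45_000_000),
    ("bob", "2020-06-05", "personal-cloud.example", 3_000_000_000),
]

# Constructed watchlist: users HR has flagged as departing (hypothetical input feed).
DEPARTING_USERS = frozenset({"bob"})


def daily_totals(events):
    """Aggregate bytes and destinations per user per day."""
    totals = defaultdict(lambda: defaultdict(int))
    dests = defaultdict(lambda: defaultdict(set))
    for user, day, dest, nbytes in events:
        totals[user][day] += nbytes
        dests[user][day].add(dest)
    return totals, dests


def score_user(user, totals, dests, eval_day, z_threshold):
    """Compare eval_day against the user's own history before that day."""
    history = sorted(d for d in totals[user] if d < eval_day)
    if len(history) < 3:
        # Too little history to call anything anomalous; report but do not flag.
        return {"user": user, "flagged": False, "reasons": ["insufficient baseline"]}
    baseline = [totals[user][d] for d in history]
    mu, sigma = mean(baseline), pstdev(baseline)
    observed = totals[user].get(eval_day, 0)
    if sigma > 0:
        z = (observed - mu) / sigma
    else:
        # Flat baseline: any increase is a deviation, equality is not.
        z = float("inf") if observed > mu else 0.0
    known = set().union(*(dests[user][d] for d in history))
    new_dests = sorted(dests[user].get(eval_day, set()) - known)
    reasons = []
    if z >= z_threshold:
        reasons.append(f"upload volume z={z:.1f} exceeds threshold {z_threshold}")
    if new_dests:
        reasons.append(f"first-seen destination(s): {', '.join(new_dests)}")
    return {
        "user": user,
        "observed_bytes": observed,
        "baseline_mean": mu,
        "z": z,
        "new_destinations": new_dests,
        "reasons": reasons,
        "flagged": bool(reasons),
    }


def analyze(events, eval_day, departing_users=frozenset()):
    """Score every user seen in the telemetry for one day."""
    totals, dests = daily_totals(events)
    results = {}
    for user in totals:
        # Departing users are held to a tighter threshold (assumed policy choice).
        threshold = 2.0 if user in departing_users else 3.0
        results[user] = score_user(user, totals, dests, eval_day, threshold)
    return results


if __name__ == "__main__":
    for user, r in analyze(SAMPLE_EVENTS, "2020-06-05", DEPARTING_USERS).items():
        print(user, "FLAGGED" if r["flagged"] else "ok", r["reasons"])
```

The two signals are deliberately independent: a large transfer to an approved share is a volume anomaly worth a look, while a small transfer to a never-before-seen destination is a pattern change that a volume-only rule misses. In practice the baseline window, threshold, and watchlist source are tuning decisions for the organization, and the output feeds a triage queue rather than an automatic block.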

Bottom Line

Insider threats are a major security concern for most organizations today, as they can cause devastating losses. With the COVID-19 situation, insiders now reside beyond the traditional enterprise security perimeter, making them difficult for traditional security solutions to detect. UEBA is an essential requirement in order to detect and protect against insider threats.
