Thu, Sep 24, 2015

Insider Threats: How to Protect Yourself From an Inside Job

It’s a scenario often played out in horror movies. The main characters do everything they can: lock the doors, board up the windows, even set the state of the art security system yet, they are defenseless when they discover the attacker is already hiding inside their home.

In the cyber sphere, we have taken great strides to protect ourselves from outsider threats and hackers who are eager to breach our virtual walls and abscond with the valuable data inside. But while we’re busy building an impressive barricade against these types of security attacks, we cannot overlook the threat that may already sitting inside the network.

There are several ways employees, contractors and/or others who have access to your internal network, computers, and systems can do irreparable damage. Be on the lookout for insider threat indicators from the following personalities, and use the prevention tips to nip the potential for data disaster in the bud.

1. The disgruntled employee
An employee who is dissatisfied with his or her job and/or the company could do major damage with the right set of tools and the wrong set of intentions. This is potential risk increases exponentially if the employee in question also has access to the network and database.

How to prevent: Listen to your workforce. Have managers consistently check in with employees, particularly those who have a reputation for voicing their dissatisfaction. Take heed, document, and address threats, no matter how seemingly insignificant.

2. The negligent user
A minor oversight could result in a major problem. In the 2014 Sony hack, once the attackers got into the network, it was apparently a cakewalk to get into all parts of the system. In fact, lists of passwords were stored on employees’ desktops with names like “Master_Password_Sheet.” It wasn’t very hard for the hackers to get in deeper with naming conventions like that.

How to prevent: Be sure to review IT security policies with employees frequently, and particularly when new employees are onboarding. Explain the importance of securing data as the valuable property it is. These simple precautions could slow down attackers and keep additional information secure.

3. The nosey worker
This personality goes hand-in-hand with the negligent user. If an internal system has a security loophole, or sensitive data isn’t locked down, then an employee could potentially snoop in a database of information where they shouldn’t have access. Think about it if not properly secure, such a nosey worker could possibly access highly sensitive HR information and records, important intellectual property, or critical IT security information.

How to prevent: Again, regular review and IT process audits are key elements to make sure the proper boundaries are in place: review IT security policies with employees—make it clear that exceeding the boundaries for access into material that is not permitted and germane to the employee’s job will not be tolerated. Also, enforce strict least privilege rules for file or system access; that way, unauthorized access to sensitive data won’t be an easy fishing expedition.

Regardless of the type of potential insider threat personalities, it is always in your best interest to regularly monitor all databases, logs, and systems, and flag any suspicious or unusual behavior. Your pro-active vigilance can be the best deterrent to these insider threats.


Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.