Did you know that September was Insider Threat Awareness Month? Wait, what is an insider threat? An insider threat can be described as anyone who uses their authorized access, intentionally or unintentionally, to harm the organization. The security risk is posed by people working within an organization, such as employees, contractors, and even vendors, who have access to information that is considered confidential. Unfortunately, there are various reasons why employees may engage in malicious behavior, such as financial gain, revenge, or simply a desire to cause harm. Therefore, individuals and organizations must continue implementing comprehensive security measures to prevent these events.
There are several indicators of insider threats, but let's just talk about a few. If you see confidential files on a colleague's computer relating to work in which they are not directly involved, this could be an indicator. It is best practice to operate under a strict need-to-know environment, which means exactly what it sounds like: users should only have access to material essential to completing their job. Perhaps a colleague is showing off a new Lamborghini and a new pool they just installed at their house. These items may stem from a legitimate source of income or an inheritance, but they could also indicate an insider covertly stealing funds from a company.
One of the more prevalent tactics used by malicious insiders is Social Engineering: the act of manipulating users into revealing confidential information or performing other actions that are detrimental to them. For example, a cybercriminal may pose and work as an IT Helpdesk user within your company. The user provides superior work, and no red flags have been discovered that would lead anyone to believe the user has nefarious intentions. However, the user mysteriously stopped showing up to work, and it was discovered that they could gain access to company funds, which naturally caused a significant disruption within the workplace. Furthermore, a Security Engineer later discovered that this user could access the system because one of the accountants working in the same office left their password on a sticky note. Social Engineering can also be as simple as someone calling you on the phone and asking you to disclose personal information that would provide elevated access.
The notion that September was Insider Threat Awareness Month is misleading because we are on alert for insider threats 24/7. So, how can insider threats be mitigated or prevented altogether? Below, you will find examples:
- Education: Employee education and awareness is an essential component in combating insider threats! In fact, this training should include the latest information regarding insider threats and the overall Cybersecurity landscape. Employee education and training is the most crucial component of building an insider threat program.
- Clean Desk Policy: Even when working from home, please make sure to place all confidential materials in a locked and secure filing cabinet.
- Encryption: Use encryption technology to protect Personally Identifiable Information (PII) and Protected Health Information (PHI) when sending attachments.
- Reporting: Establish a culture of reporting potential insider threats to upper management and the Cybersecurity team.
- User Behavior Analytics (UBA): UBA software and access control systems can be utilized by anyone to provide context regarding concerning behavior.
- Security Information and Event Management (SIEM): SIEM tools such as Splunk can collect, analyze, and report on event data in real time.
- Multifactor Authentication (MFA): Always use MFA when possible to lessen the chances of unauthorized access.
As innovation and automation continue to rule the world of technology, combating insider threats is of critical importance to any organization. The need for robust solutions and user education should continue to be at the forefront of organizational cybersecurity. Users must also be aware of the latest cybersecurity-related threats so that they do not make unintentional errors. The only certainty regarding insider threats is that they are ubiquitous and will never stop. As always, it is essential to remember that hackers only need to identify one weak point to steal valuable information, but we must be prepared for all possible threats!