INSIDER THREAT

Threats that result from the actions of an employee, former employee, or stakeholder. Insider threats can be intentional or unintentional.

Significant damage can be caused to a company from anyone who has, or at one time had, access to confidential or proprietary information. Insiders have knowledge and understanding of internal processes and structures, making it easier for them to cause incidents. As they already have access to company systems and physical, it can also be much harder for those incidents to be detected; this is a good example of why a company cannot rely solely on security software to detect threats.

If an insider is actively seeking to harm a business, then they may use their login credentials to steal customer data or Intellectual Property, sabotage data or applications, or even expose sensitive email conversations which could cause reputational damage. These types of actors could be acting on personal motives (financial, emotional, or political), for a competitor, or under direction from other malicious parties e.g. extortion attempts.

The unintentional insider threat can be just as damaging. Although there may be no intent to do harm, employees often make mistakes, they can have their accounts compromised, and they can also be socially engineered by attackers to enable malicious actions. Unfortunately, the majority of security incidents can be traced back to human error in some capacity.

ADVICE

Implement good hiring policies - make sure staff are vetted to a suitable degree. This should extend to third-party vendors, sub-contractors and other partners.

Review firing policies - this includes revoking user access to systems before employees are informed that they are being let go, escorting them off premises, and changing any login credentials that they might know of.

Use the principle of 'Least Privilege', which maintains that employees should only have access to data which they need for their role. Reducing the number of privileged staff means fewer staff who can conduct malicious activity, fewer accounts to be hacked, and fewer people to make high profile mistakes. With this in mind, it's important to update employee privileges when they change jobs, so they don't retain access to unnecessary and sensitive data.

Segregation of duties - although you should reduce the number of privileged staff as outlined above, it's also good practice to make sure that business sensitive processes require more than one person to complete them. This can reduce fraud, error, and overreliance on single employees.

Monitor user action. There are software solutions which monitor work sessions and network performance to detect abnormal user behaviour - this can be an option for organisations who have the budget and need to put this in place. Alternatively, if this isn't a suitable option, use the information available to you to observe how staff operate. It may be good practice to analyse business performance at certain times e.g. when certain employees are away on leave/busy financial periods etc.

Implement regular cyber security training - this should cover all manner of threats, including social engineering and associated attacks such as Phishing/Spear Phishing/Business Email Compromise/CEO Fraud. Build a healthy working environment which encourages open communication. Not only can this reduce the likelihood of employees becoming malcontent, but staff will be more ready to discuss any security concerns they might have around their own work and that of others.

By using this website you agree to our use of cookies to enhance your experience. I understand