editor’s question
KARL LANKFORD, DIRECTOR OF SOLUTIONS ENGINEERING, BEYOND TRUST
When we think of
insider threats,
we often imagine
disgruntled
employees
seeking revenge
on their former
employer’s business. In reality, the vast
majority of these threats are
caused by honest mistakes such as
clicking on malicious links or opening
phishing emails. Either way, insider
threats can be very difficult to detect
and pose a threat that businesses
struggle to address.
In fact, in our Privileged Access Threat
Report from this year, we revealed that
two-thirds of IT professionals believe
their organisation has likely had either
a direct or indirect breach due to
employee access in the last 12 months,
with 58% treating the threat of misused
or abused insider access as critical.
So how can organisations ensure they’re
effectively protecting themselves to
address this risk? Here are my top tips
on combatting the insider threat.
Control or eradicate email
attachments and links: Emails are the
primary attack vectors in use today and
while a message in itself may not be
dangerous, links and attachments are.
Today’s security product vendors are
offering real-time malware assessment
of links and attachments and will
quarantine a suspicious attachment and
prevent connecting to a dangerous link.
Properly manage and control
access to data and critical systems:
Role-based permissions, removal of
administrator access and the principle
of least privilege are your friends. Work
with your HR team and line of business
managers to understand user roles and
the types of application and data access
they need to do their jobs. Then, assign
only that access level and no more. Take
advantage of identity governance and
PAM solutions to effectively manage
role-based permissions for onboarding,
role changes and offboarding, and to
remove access when employees leave
the business.
Know where your data is: An important
counterpart to my second tip is knowing
where mission-critical and sensitive
data resides in the system so that
you can lock it down with appropriate
permissions. If you don’t know where it
is, how can you protect it with the right
level of access?
Monitor employee behaviour and
look for anomalies: This can be
done at many levels, including with action
monitoring software. It’s not intrusive
to look for excessive data dumps or
repeated attempts to look at files or
directories that are not permitted; it’s
good business.
Raise security awareness: Finally,
there is the need for ongoing security
awareness training that is an integral
part of company culture and not an
afterthought or a ‘checklist’ item. A
company that partners with employees
to ensure security awareness will do
better than one that forces compliance
or just performs training to check a box.
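
As an illustration of the monitoring tip above, the following added example (not from the original article or from any vendor product) scans file-access audit lines for the two signals it names: repeated attempts to open paths that are not permitted, and unusually large data reads. The log format, the per-user baseline and the thresholds are assumptions made for the example.

```python
from collections import defaultdict

# Constructed audit lines (not real logs): timestamp user action path result bytes
SAMPLE_LOG = """\
2024-05-01T09:02:11 alice READ /finance/q1.xlsx ALLOW 48211
2024-05-01T09:05:40 bob READ /hr/salaries.csv DENY 0
2024-05-01T09:05:52 bob READ /hr/salaries.csv DENY 0
2024-05-01T09:06:03 bob LIST /hr/ DENY 0
2024-05-01T09:06:30 bob READ /hr/reviews/2023.docx DENY 0
2024-05-01T10:15:00 carol READ /eng/design.pdf ALLOW 120000
2024-05-01T23:41:09 carol READ /eng/repo-backup.tar ALLOW 950000000
2024-05-01T23:52:17 carol READ /crm/customers.db ALLOW 610000000
2024-05-01T23:59:59 truncated
"""

# Assumed typical bytes read per user per day (hypothetical baseline values)
BASELINE_BYTES = {"alice": 200_000, "bob": 150_000, "carol": 5_000_000}

def parse_events(text):
    """Return one dict per well-formed line; lines that do not parse are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[5].isdigit():
            continue
        ts, user, _action, path, result, size = parts
        events.append({"day": ts[:10], "user": user, "path": path,
                       "denied": result == "DENY", "bytes": int(size)})
    return events

def find_anomalies(events, baseline, deny_limit=3, volume_factor=10,
                   default_base=1_000_000):
    """Flag (day, user) pairs with repeated denials or reads far above baseline."""
    denied = defaultdict(int)
    volume = defaultdict(int)
    for e in events:
        key = (e["day"], e["user"])
        if e["denied"]:
            denied[key] += 1
        else:
            volume[key] += e["bytes"]
    findings = [(d, u, "repeated_denied", n)
                for (d, u), n in denied.items() if n >= deny_limit]
    findings += [(d, u, "excess_volume", total)
                 for (d, u), total in volume.items()
                 if total > volume_factor * baseline.get(u, default_base)]
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_anomalies(parse_events(SAMPLE_LOG), BASELINE_BYTES):
        print(finding)
```
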
However, the challenge of mitigating
insider threats is that most organisations
don’t have fully integrated privileged
access management (PAM) tools.
I’ll leave you with this important point.
While evaluating attack vectors,
researching competitors and gauging the
threat from organised crime or foreign
adversaries, it’s easy to conclude that
external attacks should be the primary
focus of defence. This conclusion can
often be wrong. The critical element
is not the source of a threat, but its
potential for damage.
By evaluating threats from this
perspective, it becomes obvious that
although most attacks might come
from outside the organisation, the most
serious damage is done with help from
the inside.
Issue 21 | www.intelligentciso.com