Javvad Malik, Security Awareness Advocate at KnowBe4

'Insider threat' is a term that covers a number of threats and can mean many things. At a broad level, three main types of threat make up the insider threat: a malicious insider, a non-malicious insider and a compromised insider.

www.intelligentciso.com | Issue 21

Malicious users are aware of their
actions and the negative implications
on the organisation, yet still pursue that
course of action. It can include users
who take company information when
moving jobs or disgruntled users who
want to damage the company. At the
extreme end are employees engaged
in corporate espionage, who provide
intellectual property or other sensitive
information to competitors, criminal
gangs or nation-state sponsored actors.
Non-malicious insiders are those users
that perform actions which have no
ill intent but can nevertheless cause
harm to an organisation. For example,
shadow IT, where users will procure or
use a cloud application such as a file-
sharing app to increase productivity, but
inadvertently expose the company.
The final, often overlooked category is
that of compromised insiders. Typically,
this is where credentials have been
guessed or captured as part of a
targeted attack. Although the actor
behind the account is not an employee,
the use of legitimate credentials would
show up as if it were an employee.
As insiders form a variety of threats, a
layered approach should be taken. This
includes technical controls which can
look at user behaviour and raise alarms
where something appears out of the
ordinary, such as a large transfer of files
to external destinations.
When dealing with humans, often the
best detection and remedial action
is having a strong security culture
within the organisation so that people
themselves can help to identify any
issues. For example, it is rare to see an
employee become disgruntled overnight
and come in to cause harm the next day.
So, having good line managers that
can spot the signs early and who can
help affected employees would be a far
more effective approach than relying on
technology alone.
Ultimately, it’s a delicate balancing
act. At the moment, technology is not
sufficiently advanced to fully understand
humans and make rational decisions,
which is why, in today’s enterprise,
everyone has a role to play in ensuring
the security of the organisation, and
their colleagues. Neglecting to foster a
security culture and ignoring the human
element is a mistake no company can
afford to make in this day and age.