One of the biggest threats organisations
currently face is from those already
lurking on their network. Insider threats
are difficult to detect as they are already
in your network and traditional security
techniques, such as guarding the network
perimeter, will not work. Any enterprise
that cares about protecting its brand
or reputation needs to pay attention to
the threat caused by malicious and/or
careless insiders. The damage they can
cause, due to the risks created by loss
of confidentiality or theft of intellectual
property, cannot be ignored.
High-profile cases, such as the
Snowden incident and the Capital One
breach, caught the attention of the
media and have sent a wake-up call to
organisations. Incidents of insider threat
are happening every day and even those
that don’t receive mass media attention
risk causing financial and reputational
damage to the organisation. Multiple
surveys indicate that insider threats are
a key source of concern for enterprises.
According to Cybersecurity Insiders’
2019 Insider Threat Report, 68% of
organisations feel vulnerable to insider
threats – with 73% confirming insider
attacks are becoming more frequent.
Types of insider threat
There are three main types of insider,
each of which poses a potential risk to
the organisation. The negligent insider
is an employee or contractor who
exposes data accidentally due to poor
security practices. The complacent
insider is an employee or contractor
who intentionally ignores policies and
procedures, while malicious insiders
are those employees who intentionally
compromise data. Organisations are
far more likely to experience a cyber
incident as a result of a negligent or
complacent insider than a malicious
one; however, malicious insiders are
far more dangerous. They are typically
highly motivated and will take specific
precautions to avoid detection.
Protecting against insider threat
Shareth Ben, Insider Threat SME at Securonix
www.intelligentciso.com | Issue 23
Organisations are struggling to
effectively mitigate the risks posed by
insiders. However, to solve any problem,
firstly there needs to be a proper
diagnosis. The same approach applies
for organisations that want to mitigate
the risks caused by insiders. It all starts
with a simple, yet difficult, question –
what assets, in the form of information,
intellectual property, money or physical
resources, does an organisation value
the most; and how critical are these
assets to business functionality?
Determining your organisation’s appetite
for risk and its most valuable assets is a
critical first step.
Some customer-facing organisations
will value protecting brand reputation
the most, while others value protection
of their intellectual property. An
organisation’s answers to these
questions will determine the path their
insider threat programme takes.
Approach insider threat with teamwork
Once organisations identify what
they want to protect, it is advisable to
form an Insider Threat Working Group
(ITWG). This group typically consists of
representatives from various divisions
within the company to drive consensus
among key departments like HR, Legal,
compliance, IT risk and line of business.
The team then works together to define
the amount of risk an organisation is
willing to tolerate, or ‘risk appetite’.
It is the ITWG’s mission to educate
employees on the importance of good
cyber hygiene, as well as recognising
and protecting against insider threats.