Every business has to deal with threats to their business, but an insider threat is something many take for granted. Sometimes the threat is really from inside…
The definition of an Insider Threat is
An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data and computer systems.
Oblivious Insider. This insider threat takes after its namesake, and it’s a top cause for data breaches in today’s world. These insiders have important access to company files, and they’ve been compromised from the outside without knowing. This most likely came to be when they clicked on a malicious phishing email that granted the criminal access.
Negligent Insider. These employees are most vulnerable to phishing emails. Due to lack of security education, or simply their interest in bypassing workplace protocol to meet efficiency, these individuals are a top threat to data loss.
Malicious Insider. This is where the insider crosses the line, and data loss becomes intentional. They seek to delete important company information, and inflict financial harm in some way. Luckily, there are several behavioral trends that fellow employees and managers can watch out for to ping these insiders.
In an article from May 2016, the Wall Street Journal referenced a Deloitte “Dbriefs” report in which they present some alarming numbers on corporate malicious activity by trusted insiders:
• 92 percent of insider threat cases were preceded by a negative work event, such as a termination, demotion or dispute with a supervisor.
• 97 percent of insider threat cases studied by Stanford University involved an employee whose behavior a supervisor had flagged, but that the organization had failed to follow up on.
• 25 percent of employees have used email to exfiltrate sensitive data from an organization.
How pervasive is the insider threat in your company?
“The Dtex 2018 Threat Report serves to bring to the forefront those areas where companies, and that is every company, big or small, can invest their resources to bring down the threat posed by their trusted insiders.”
Clearly, visibility on the need to focus on basic cybersecurity 101 is required. Richard Stiennon, IT-Harvest Chief Research Analyst and Charles Stuart University Lecturer, tells us, “Business needs to get out of the cybersecurity denial phase it is stuck in. To do this, it must accept that it needs more visibility into what’s going on in its environment.”
DTex Systems “THE 2018 INSIDER THREAT INTELLIGENCE REPORT”
- Focus on deterrence, not detection. In other words, create a culture that deters any aberrant behavior so that those who continue to practice that behavior stand out from the “noise” of normal business and the limited investigative resources that you have can be focused on them.
- Know your people, know who your weak links are and who would be most likely to be a threat.
- Use your HR data to narrow down threats rather than looking for a needle in stack of needles.
- Identify information that is most likely to be valuable to someone else and protect it to a greater degree than the rest of your information.
- Monitor ingress and egress points for information (USB ports, printers, network boundaries).
Baseline normal activity and look for anomalies.