Gone are the days when our greatest inklings of insider threats were employees who never wanted to take vacation and did everything to avoid letting others see the financial records they were maintaining. Today, insider threats come in a concerning variety of forms with consequences often exceeding millions of dollars. As time passes, more industries than ever before are feeling the sting of security incidents and breaches stemming from their very own trusted employees and partners.
According to a 2018 Ponemon Institute report, of those surveyed, ove 3k known insider threat incidents were reported with an average cost of about $238k. The report also reveals that it took companies upwards of 2 months to contain incidents relating to insider threats.
What makes insider threats so concerning, is that they challenge our typical way of thinking when it comes to protecting our assets. Think of keeping burglars out of a home. Even if you invest in the strongest security system, put burglar bars on all windows and more, this will only keep people outside. For someone you trust, like a family member, maid, or the security vendor who understands the solution you purchased and has the security codes, your system likely will not stop them. That is an insider threat.
Similar to protecting a home from burglars, a fundamental component to protecting any company from cyber-attacks is to secure the network perimeter. Essentially, you create a wall to keep the bad guys out. But what happens when your own employees with authorized system access, have the same malicious intentions of the very people you are fighting to keep out? They often know the technology well, which increases their capability to traverse the network without setting off alarms. And because of their internal knowledge, they’re ability to cover their tracks becomes even greater.
Though alarming, this does not mean corporations should breed cultures of distrust in their employees. It simply means that there is a threat, like many others in the cybersecurity space, that can be mitigated with the right level of awareness, people, processes and technology. To get started, here are five important things every company should know about insider threats:
1. Insider threats are not always malicious in nature, but can still have pretty significant consequences regardless of intent.
When most people hear of insider threats, they think of the disgruntled employee who decided to sabotage their company by leaking confidential information after being fired – or – the employee who writes invoices and then pays the funds to their own account. A stark reality is that often times, insider threats can be inadvertent. Common examples include employees who click on phishing emails, developers who quickly release code plagued with security holes to meet a deadline, and more. Though the intention is not malicious, the outcome can still put companies at the same level of risk. One of the best ways to prevent this kind of insider threat is through training and awareness. Employees who are educated on cyber security best practices and proper cyber hygiene, are less likely to make these avoidable mistakes.
2. Monitoring technology can help you detect and respond to insider threats.
Detecting insider threats as early as possible is critical to limiting the amount of damage caused by the incident. This can be done by constantly monitoring user activity for any anomalies. In order to know what can be considered abnormal user behavior, you must have some sense of what normal user behavior looks like. Once you have a baseline to compare against, you can begin to alert on suspicious behavior. For example, if you have an employee of 5 years who has worked a pretty standard schedule of 9 to 5 Monday through Friday and you notice that at 3am they are exporting tons of data from your system – that’s a red flag that you may want to investigate.
3. All insiders are not created equal.
Many companies struggle with keeping track of who has access to their networks and what levels of access they have. Whether employees, retirees, dependents, contractors, third parties or trusted partners, anyone can become an insider threat. When you factor in privileged and super account users, the accounts cyber attackers love the most, the potential impact becomes even greater. In the wrong hands, these accounts can be used to further elevate access, create backdoors, cover tracks, and more. When defending against insider threats, these accounts become extremely important to monitor for suspicious activity.
4. Monitoring technology is a great start, but we can do more!
Insider threat detection and response technologies continue to evolve and advance. With the growth of artificial intelligence and other emerging domains, the ability to conducted deeper analysis and proactively uncover insider threats hiding in organizations has increased exponentially. Sometimes detecting incidents is not as simple as noticing an employee working during odd hours or some of the more obvious signs. A report from Carnegie Mellon on insider threat within the federal government found that most internal fraud was committed during normal working hours, with losses from some incidents exceeding $1 million each. Furthermore, 50% of these threat actors were with the company for at least 5 years. They likely knew the systems well and had insider knowledge on how to circumvent security features. This is where artificial intelligence and User Behavior Analytics technologies can become a game changer for all companies, but especially for those where the stakes are high and the likelihood of insider threats even higher. (e.g. financial services, banking, technology, healthcare, and government institutions.
5. Your employees can also help defend against insider threats.
While technology is a great way to automate detection, there are many signs your own employees can pick up on as well. Creating awareness and having a process where employees can safely report suspected foul play can add another layer of insight. Some indicators employees can look for, according to (US CERT), include ethical flexibility, reduced loyalty, compulsive or destructive behavior, greed or financial need, and working odd hours.
Whether malicious or accidental in nature, insider threats can lead to breaches that cost companies millions of dollars. Advancing technology and cyber awareness efforts are helping companies prevent, detect and respond to these threats. Trusting your employees and your partners is a critical part of doing good business, but maturing your ability to manage insider threats, is doing smart business.
Insider Risk – How Prepared Are You?
Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.