How to defend against the insider threat
James Thorpe
This year, the US National Counterintelligence and Security Centre has deemed September to be the inaugural Insider Threat Awareness Month to increase awareness about insider threats.
While the phrase ‘insider threat’ has been around for a while, the issue is becoming increasingly top-of-mind for the enterprise. In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders that you trust. Of these attacks, three-quarters involved malicious intent and one-quarter involved careless negligence.
To mark this inaugural month, a group of business and cybersecurity experts have come together to discuss the different types of insider threat and how organisations can defend against insider threat scenarios.
The threat landscape
Whether organisations realise it or not, the cybersecurity threat landscape has changed dramatically in the last few years, and recent security issues prove it. Conversations about cyber issues are happening everywhere you turn, and media coverage of massive breaches continues to grow by the day.
As John Ford, CISO at ConnectWise, points out: “Attacks on small and midsize businesses (SMBs) are on the rise. According to the Ponemon Institute: 2017 State of Cybersecurity in SMB study, the average cost due to damage or theft of IT assets and infrastructure increased from US$879,582 to US$1,027,053. The average cost due to disruption of normal operations increased from US$955,429 to US$1,207,965.”
Risk of insider threats
And it’s not just SMBs that need to be careful of data breaches. Stephen Moore, Chief Security Strategist at Exabeam, gives advice on how to combat the insider threat for businesses of all sizes: “Understand the normal behaviours of everyone that accesses your network. When you know the typical behaviour, you can more easily spot anomalies.
“To do this, you need the means to track every activity and pull this together into a single storyline. By storing these details and using tools that can look for suspicious behaviour, you can keep on top of your insiders and quickly detect any dangerous activity.”
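The baseline-then-compare approach Moore describes, shown as an added example that is not part of the original article or any vendor's product: a per-user profile is built from constructed activity records, and each new event is checked against it and placed in a time-ordered storyline. The record layout, user names and three-standard-deviation limit are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed activity records: (ISO timestamp, user, resource, megabytes moved).
HISTORY = [
    ("2019-09-02T09:10", "alice", "crm", 12), ("2019-09-02T14:30", "alice", "crm", 9), ("2019-09-03T10:05", "alice", "wiki", 3),
    ("2019-09-04T11:20", "alice", "crm", 15), ("2019-09-05T16:45", "alice", "crm", 11), ("2019-09-02T08:55", "bob", "build", 200),
    ("2019-09-03T09:15", "bob", "build", 240), ("2019-09-04T17:40", "bob", "build", 210),
]
TODAY = [
    ("2019-09-06T10:00", "alice", "crm", 13), ("2019-09-06T23:40", "alice", "hr-share", 900),
    ("2019-09-06T09:30", "bob", "build", 230),
]

def build_baselines(events):
    """Per-user profile: resources seen, active hours, volume mean and spread."""
    per_user = defaultdict(list)
    for ts, user, resource, mb in events:
        per_user[user].append((int(ts[11:13]), resource, mb))
    profiles = {}
    for user, rows in per_user.items():
        hours = [h for h, _, _ in rows]
        sizes = [mb for _, _, mb in rows]
        profiles[user] = {"resources": {r for _, r, _ in rows},
                          "hours": (min(hours), max(hours)),
                          "mean": mean(sizes), "spread": pstdev(sizes) or 1.0}
    return profiles

def deviations(event, profile, z_limit=3.0):
    """Return the reasons one event departs from the user's own profile."""
    ts, _, resource, mb = event
    hour, reasons = int(ts[11:13]), []
    if resource not in profile["resources"]:
        reasons.append("new resource")
    if not profile["hours"][0] <= hour <= profile["hours"][1]:
        reasons.append("unusual hour")
    if (mb - profile["mean"]) / profile["spread"] > z_limit:
        reasons.append("unusual volume")
    return reasons

def storyline(events, profiles):
    """Time-ordered entries per user, each with its deviations attached."""
    story = defaultdict(list)
    for event in sorted(events):
        profile = profiles.get(event[1])
        # A user with no history has no "normal": flag it rather than skip it.
        reasons = deviations(event, profile) if profile else ["no baseline"]
        story[event[1]].append((event[0], event[2], reasons))
    return dict(story)
```

Calling `storyline(TODAY, build_baselines(HISTORY))` leaves both daytime events unflagged and attaches all three reasons to the late-night `hr-share` transfer, which is the single entry an analyst would need to read.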
Anurag Kahol, CTO at Bitglass, further cites the growing adoption of cloud as greatly improving the agility of many modern businesses. He explains: “A recent Bitglass study found that 73% of organisations believed insider attacks had become more frequent over the past year. Cloud adoption and bring your own device (BYOD) policies have improved businesses’ agility, but have also made sensitive data more accessible, presenting a significant IT security challenge.
“Unfortunately, in cloud-based IT environments, organisations often struggle to detect anomalous or careless employee behaviours. As such, many must revise their approaches to data protection. By understanding modern threats and deploying appropriate security solutions, many of these risks can be mitigated and even eliminated.”
Eric Sheridan, Chief Scientist at WhiteHat Security, also cites the skills gap as an issue, asserting that: “The pace of cybercrime is continuing to grow, so the demand is outpacing the supply of security professionals who can help combat the ever-increasing threats. With the shortage in security, organisations are consistently operating understaffed and team members don’t have time to be as vigilant as they should be, which could lead to a slip in security. People make the misconception that the people who are the reason for insider attacks are malicious, however, sometimes they are just individuals who are burnt out.”
How to mitigate the threat
Because malicious insiders know the network and have access to company data, preventing them from carrying out data theft can be difficult. However, Jan van Vliet, VP and GM EMEA at Digital Guardian, argues: “Data-centric security technologies can go a long way in reducing the likelihood of these attacks.
“These solutions prevent employees from copying, moving or deleting data unless they have given specific permission or approval to do so. These solutions also redact sensitive data from being sent in an email and will alert the system administrator to any attempts to move sensitive data.”
A recent Positive Technologies study found that over one in ten employees fall for social engineering attacks. These work by using psychological manipulation. Hackers use information gained on social media or the dark web to build a profile of a person and then pose as someone they might know via email.
Steve Wainwright, MD EMEA at Skillsoft, continues: “The hackers might then encourage their victim to click on a link or download a file that contains malware. The key to defending against this type of threat is education. By training employees to question and look out for suspicious emails – for example, checking if the sender email address looks odd and scanning the email for poor grammar and spelling – organisations can reduce the likelihood of successful attacks.
“Giving employees the skills and knowledge they need to identify potential attacks is the best way of mitigating the insider threat risk.”
The insider threat continues to be one of the largest problems in cybersecurity, which is why initiatives such as the Insider Threat Awareness Month are a good way to remind businesses to evaluate the very real risk of the insider threat and take the right steps to prevent sensitive data from being shared.