An Inside Job: Threats Among Us
According to the 2019 Verizon Data Breach Investigation Report a third of all data breaches within businesses involve internal staff. That’s a lot given that our employees and colleagues are those who we know and trust. Let’s look closer at the insider threats and see how to defeat them!
What’s an insider threat?
An insider threat is a human security risk which comes from within an organization. The bad actors here are not your standard cybercriminals but current or former employees or contractors who compromise the safety of your data. They may do it accidentally (we call them negligent insiders – often they’re those who fall victim to social engineering attacks), but they can also do it intentionally (malicious insiders).
Both negligent and malicious insiders are highly dangerous and it’s worth taking time and effort to detect their actions before any harm is done. Insider threats can take different forms – from an organized attack on a company’s top-secret information and modification of important data to an unintentional, but harmful data leakage. They can cause huge financial and reputational damage to any organization – especially the household names!
How to spot an insider threat?
Insider threats are difficult to spot, mainly because the insiders already know where the sensitive data is stored and have legitimate access to it. They may work on it regularly so distinguishing whether they are doing their job or taking part in potentially malicious activity is a challenge. No anti-virus for human threats.
To combat insider threats you have to employ a much stronger sensor ... PEOPLE! Training employees on signs of an insider threat will greatly increase your ability to catch possible breaches early. Once everyone is aware of the risk and has a data security mindset, they’re more vigilant and notice unusual things earlier. Here’s a list of useful tips to follow:
- Know where your sensitive data is and who has access to it. Limit the number of people who can view it. Try to eliminate documents that are open to everyone. Make sure you’re aware of your company’s policy on sensitive documents and how they should be stored and distributed. Remember that all malicious actions need two factors: a malicious user and an opportunity. If you don’t provide the opportunity, you are less likely to experience an insider threat!
- Watch out for unexpected changes in behavior of your employees and colleagues. Think whether their situation has lately changed: were they keen to get promoted but never got a chance? Do they feel unhappy at the workplace and feel they’re underpaid? These situations help people convince themselves that their wrongdoing is actually fine. Watch out for people who:
- are logging into the system more often, especially after working hours
- are asking for access to files outside of their job responsibilities
- are using unauthorized storage devices (USB drives or floppy disks)
- are downloading or accessing substantial amounts of data with no apparent reason
- are emailing sensitive data outside your organization
- are constantly talking about a new and exciting opportunity but aren’t keen to disclose any details.
- Be careful with new employees – screen them before you offer them employment and always ask for references. Take time to get to know them and make sure they have access only to the files they need.
- React quickly! If someone’s behavior looks suspicious, notify your security team immediately.