The enemy within: is your organisation vulnerable to insider threats?

While many organisations worry about the threat from external cyber attacks, the potential for internal breaches is very real and lurks in the shadows.

When many people think of a cyber attack, they picture the standard stock photo of a hacker in a hoodie trying to hack their way in from outside. Whilst this may be true, have you considered how your organisation could be breached from the inside out?

Insider threat is often overlooked by companies; it is the threat to an organisation that comes from people within the organisation. It’s important to acknowledge that it isn’t always intentionally malicious; it can also arise from carelessness. In order to effectively defend yourself, you need to understand who you’re up against. The insider threat comes in many forms, but you can usually narrow it down to:

A careless employee:

This is the most common type of insider threat. Through laziness or a lack of vigilance, this type of employee creates an insecure environment without even knowing it. This could be by opening malicious links without thought or being careless with sensitive data. In a BYOD (bring your own device) world, it is more important than ever that policies are set and adhered to.

A disgruntled employee or ex-employee:

Revenge is often a motive for malicious activity, and typically it comes from disgruntled employees or soon-to-be ex-employees. It can be the way that soon-to-be ex-employees air their grievances before leaving, and it usually comes in the form of stolen or leaked data.

An employee with malicious intent:

Although this is typically the rarest form of insider threat, it is the one that tends to cause the most damage if it does occur. Unfortunately, some employees have malicious intent from the start. This is usually driven by:

· Financial greed / need
· Anger
· Ideology
· Divided loyalty
· Adventure / thrill
· Ego / self-image
· Compulsive behaviour

Contractors or third parties:

Unfortunately, when you let external parties into your organisation, you open yourself up to threat. Typically, when problems arise via third parties, it is due to carelessness rather than malicious intent.

Protecting your organisation from insider threats

Fortunately, organisations can ensure that they are secure from insider threats by considering:

Enforceable policies

Policies are essential as they reinforce your decisions, provide guidance for your controls, and give you a base to educate users. The policies below should be foundations that your organisation implements:

Acceptable Use policy: An acceptable use policy (AUP) or fair use policy is a set of rules applied by the owner that restricts the ways in which the network, website or system may be used and sets guidelines as to how it should be used. When considering insider threats, cloud storage and the use of USBs and other external devices present the most common ways of misuse, so considerations must be made for these.

Privacy policy: A privacy policy is essential so that your users understand what to do with both staff and customer data.

Mobile Device policy: With mobile device usage on the rise as employees enjoy flexible working, policies must be put in place to ensure data doesn’t fall into the wrong hands. Our recent blog article on Mobile Device Management covers all you need to know about this.

Awareness & training

As carelessness is typically the biggest insider threat to an organisation, awareness and training must be a high priority. Your users are generally prime targets for attackers, so providing periodic training and education can maximise your defences. In the current climate you should cover:

· Existing security policies: how to adhere to these policies
· Phishing emails: what to look out for, how to examine messages and when to report
· Malware handling: what to do (and who to call) should you get infected
· BYOD responsibilities: how to be responsible with devices that leave the organisation

Scheduling this sort of training annually makes sense to keep users up to date with changes and policies.

Detection and Controls

Enforceable policies, awareness and training are a great defence against insider threats, but detection and technical security controls are essential too. Many organisations have little to no visibility when it comes to network activity. Lacking the ability to monitor user behaviour and file movement will leave you in the dark when it comes to insider threats.

Human Resources

You may think that insider threat is purely an IT issue to manage, but an HR department with the right procedures in place can play a vital part as well. Ideally, teams across your organisation should collaborate to identify insider threats. HR can play a role in vetting during the recruitment procedure by red-flagging suspicious past activities. They can also defuse situations of conflict between the worker and the company before they take a turn for the worse, or soften the blow when a worker is on the line for firing.

AAG implements and advises on security solutions that will protect your business in the changing cyber landscape. We can support your in-house IT team or provide an outsourced expert solution. Don’t hesitate to get in touch if you need assistance with your Cyber Security.