According to IBM’s 2016 Cyber Security Intelligence Index, 60% of all attacks were carried out by insiders. The study found that three-quarters involved malicious intent, and one-third involved inadvertent actors (insiders who unknowingly allowed a malicious program into their network). Not only are internal threats the most common route of attack, but they’re also extremely costly to remediate. The 2017 Insider Threat Report reported that 53% of companies estimated remediation costs of $100,000 or more, and 12% estimated costs of more than $1 million. Protecting your organization from insider threats is necessary to prevent a majority of data breaches and malicious attacks.
Educate Your Staff
Out of all insider attacks, one-third involved inadvertent actors, meaning an insider unknowingly allowed or enabled an attack. This can occur when staff plug an infected USB drive into their work computer, open a phishing email or download a suspicious file. The best way to prevent these types of attacks is to ensure your staff are trained on cyber security best practices. Security training should be completed yearly and cover topics such as phishing, social engineering, malware, passwords, use of portable devices, physical access, data destruction, encryption, data breaches and how employees are expected to respond if a security threat is detected. Well-trained staff are your first line of defense.
Utilizing the Principle of Least Privilege is critical to limiting both an insider’s ability to commit an attack and the impact if one occurs. The Principle of Least Privilege provides staff with the least amount of access they require for their role. This means staff don’t have access to anything in the network that isn’t required for their job. To ensure your data is safe, you need to know where your data is and who has access to it. Access management is the first step in evaluating and monitoring your data security. By minimizing who has access to your data and to certain areas of your network, you limit the chances of it being compromised.
Gartner argues that by monitoring the behavior of users on your network you can stop an attack early on and minimize your damages. By assessing patterns of behavior through User and Entity Behavior Analytics (UEBA) software, organizations can minimize disruption to their business. Is one of your staff members logging in at an odd hour, or uploading or downloading an unusually large number of files? These may be signs that an attack or breach is occurring.
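The two signals named above (a login at an odd hour, an unusually large number of files moved) can be checked by comparing each session with that user's own history. This is an added example, not code from the original article or from any UEBA product; the session tuples, function names and thresholds (`hour_slack`, `z_limit`) are assumptions, and all data is constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed baseline sessions: (user, login time, files transferred).
BASELINE = [
    ("alice", "2024-03-04T08:55", 12), ("alice", "2024-03-05T09:10", 9),
    ("alice", "2024-03-06T08:47", 15), ("alice", "2024-03-07T09:02", 11),
    ("bob",   "2024-03-04T13:05", 40), ("bob",   "2024-03-05T12:50", 55),
    ("bob",   "2024-03-06T13:20", 47), ("bob",   "2024-03-07T13:00", 52),
]
# Constructed sessions to score against each user's own baseline.
NEW_SESSIONS = [
    ("alice", "2024-03-08T09:05", 13),    # in line with baseline
    ("alice", "2024-03-09T02:30", 14),    # login far from usual hours
    ("bob",   "2024-03-08T13:10", 900),   # far more files than usual
    ("carol", "2024-03-08T10:00", 5),     # user never seen before
]

def build_profiles(events):
    """Collect each user's login hours and per-session file counts."""
    profiles = defaultdict(lambda: {"hours": [], "files": []})
    for user, ts, files in events:
        profiles[user]["hours"].append(datetime.fromisoformat(ts).hour)
        profiles[user]["files"].append(files)
    return profiles

def score_session(profiles, user, ts, files, hour_slack=2, z_limit=3.0):
    """Return the reasons a session deviates from the user's baseline."""
    if user not in profiles:
        return ["no_baseline"]
    p, reasons = profiles[user], []
    hour = datetime.fromisoformat(ts).hour
    # Circular distance, so 23:00 and 01:00 count as two hours apart.
    nearest = min(min(abs(hour - h), 24 - abs(hour - h)) for h in p["hours"])
    if nearest > hour_slack:
        reasons.append("odd_hour")
    # Floor the spread so a very steady user does not alert on tiny changes.
    spread = max(pstdev(p["files"]), 1.0)
    if (files - mean(p["files"])) / spread > z_limit:
        reasons.append("bulk_transfer")
    return reasons

def detect(baseline, sessions):
    profiles = build_profiles(baseline)
    return {(u, ts): r for u, ts, f in sessions
            if (r := score_session(profiles, u, ts, f))}

if __name__ == "__main__":
    print(detect(BASELINE, NEW_SESSIONS))
```

Sessions from a user with no history are reported separately rather than scored, since there is nothing to compare them against.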
Restrict Copying or Transferring Data
Depending on the type of data your organization has, such as patient files, it may be necessary to block users from copying files or transferring data to external destinations (USBs, outside email addresses, etc.). This will make it more difficult for disgruntled employees to steal information or accidentally share confidential information with others.
Geo-fencing and Time-fencing
Geo-fencing allows your organization to place physical boundaries on users when utilizing your network or devices. Alerts can be set up so a notification is sent when a device enters or leaves a specific geographical area. For example, an alert can be sent to a hospital’s IT team when one of their iPads containing critical patient files leaves the premises. Once they have this information they can lock the device and wipe all data. This is a practical tool to keep access limited to within a specific area and, in addition, keeps those outside the perimeter from accessing your network.
Time-fencing works similarly: it prevents users from accessing certain materials during certain hours. This may mean preventing users from accessing Facebook during working hours or limiting access to patient files or critical client data to office hours. By geo-fencing and time-fencing you can limit the number of opportunities for internal threats to access the network and data.
Beware of Third-Party Vendors
A survey conducted by Soha Systems on third-party risk management found that 63% of all data breaches were attributed to a third-party vendor. Many third-party vendors are granted access to organizations’ internal networks, making those networks even more susceptible to security breaches. To learn more about protecting your organization from vulnerabilities due to third-party or vendor access, read our article.