When we bring up the topic of insider threats during discussions with prospects, we often hear “My people are great, they’ve been with me for years” or “We don’t have data that’s valuable enough to make us a target.” Worse still, the media only seems to talk about the hackers who break in from the outside. Yet an estimated 70% of cyberattacks and breaches leverage an insider, and most of those insiders had no idea they were participating: they unwittingly provided information via social media or a phone call, or clicked on something they shouldn’t have. A disgruntled staff member or contractor who has access to your network is a huge concern, because they have credentials and won’t trigger your typical network security.
While it is impossible to prevent all insider threats, there are steps you can take. Start by asking your C-team “What type of breach would be our worst-case scenario?” Their answers will help you confirm what data most needs protection. Then ask your IT resource(s) “What mechanisms do we have to detect threats against this data?” and “What types of threats do we not have visibility into today?”
One of the main safeguards against this type of insidious threat is to monitor your network. That means not simply up/down status for devices or even the perimeter, but watching for anomalous behavior that could indicate a compromise or an attempt at one. This is especially key for organizations with hundreds or thousands of staff, where it’s not practical to try to watch everything every one of them does 24/7/365. But what if you had a solution in place that could alert you to potential indicators, such as large file copies, an unusually high number of files accessed by a single user, visits to sites that no one else in the organization has gone to, or remote logins from outside a user’s normal geographic area? While all of these indicators could be innocent, being aware of the subset of staff whose activity shows them, and investigating to rule out bad intent, can mean the difference between catching a threat quickly and staying in the dark while your worst-case scenario plays out, risking your organization’s assets and reputation.
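The four indicators named above, shown as Python detection logic run over constructed activity events. This is an added example, not code from the original article or from any product; the event fields, thresholds and per-user login baseline are assumptions.

```python
from collections import defaultdict
from statistics import median

COPY_LIMIT = 500 * 1024**2   # assumed threshold: flag a single copy over 500 MiB
ACCESS_FACTOR = 5            # assumed: flag users touching 5x the median file count
BASELINE = {"alice": {"US"}, "bob": {"US"}, "carol": {"US", "CA"}}  # usual login countries

# Constructed sample events (not real logs); field names are hypothetical.
EVENTS = (
    [{"user": u, "kind": "file_access", "path": f"/share/doc{i}"}
     for u, n in (("alice", 4), ("bob", 40), ("carol", 6)) for i in range(n)]
    + [{"user": u, "kind": "web", "domain": "intranet.example"} for u in BASELINE]
    + [
        {"user": "bob", "kind": "web", "domain": "files.example.net"},
        {"user": "bob", "kind": "file_copy", "bytes": 2 * 1024**3},
        {"user": "alice", "kind": "file_copy", "bytes": 3 * 1024**2},
        {"user": "carol", "kind": "login", "country": "CA"},
        {"user": "alice", "kind": "login", "country": "BR"},
    ]
)

def find_indicators(events, baseline):
    """Return a sorted list of (user, indicator) pairs that merit a closer look."""
    hits = set()
    files = defaultdict(set)      # user -> distinct paths accessed
    visitors = defaultdict(set)   # domain -> users who visited it
    for e in events:
        user, kind = e["user"], e["kind"]
        if kind == "file_copy" and e["bytes"] > COPY_LIMIT:
            hits.add((user, "large_file_copy"))
        elif kind == "file_access":
            files[user].add(e["path"])
        elif kind == "web":
            visitors[e["domain"]].add(user)
        elif kind == "login" and e["country"] not in baseline.get(user, set()):
            hits.add((user, "login_outside_usual_geo"))
    # Compare each user's distinct-file count with the median across users.
    typical = median(len(p) for p in files.values()) if files else 0
    for user, paths in files.items():
        if typical and len(paths) >= ACCESS_FACTOR * typical:
            hits.add((user, "high_file_access_count"))
    # A domain that only one person in the organization has visited.
    for domain, users in visitors.items():
        if len(users) == 1:
            hits.add((next(iter(users)), "site_unique_to_user"))
    return sorted(hits)

if __name__ == "__main__":
    for user, indicator in find_indicators(EVENTS, BASELINE):
        print(f"{user}: {indicator}")
```

Each hit is a prompt for investigation rather than a verdict, since any of these indicators can be innocent.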
Identify what you need to protect, provide your staff with clear policies and procedures and cybersecurity training, but don’t stay in the dark. Allocate cybersecurity budget to monitor your network for metrics that can give you the visibility you need to defend against threats from within as well as from the outside. The hackers are counting on the fact that most do not!