Insider Attacks: How Prepared Are You?

Karthika Surendran
Product Marketer   ManageEngine

Insider attacks often catch organizations by surprise because they’re tricky to spot. Banking on reactive solutions like antivirus software or a patch management solution to stay abreast of such attacks is not very wise. Understanding what exactly contributes to the increasing number of insider threats and addressing these factors is the only way to secure your enterprise against such attacks.

An insider attack is often defined as an exploit by malicious intruders within an organization. This type of attack usually targets insecure data. Insider threats might lurk within any company, and in some industries, they can account for more than 70% of cyber-attacks. More often than not, insider attacks are neglected. Perhaps this is why they have been on a constant rise. 

A survey by CA Technologies in 2018 found that about 90% of organizations feel vulnerable to insider attacks. Organizations believe the data most vulnerable to insider attacks is sensitive personal information (49%), intellectual property (32%), employee data (31%), and privileged account information (52%). 

Many insider attacks are associated with excessive access privileges. While it might be unpleasant or inconvenient not to trust employees, organizations must be vigilant. This can be accomplished by monitoring possible sources of cyber-attacks. A big problem is that many companies are not aware of how to identify and combat insider threats.

Questions then arise: Where can you find the best security tools to gain more knowledge on combating insider attacks? What security standards should you follow to stay within your industry’s security compliance requirements and protect your digital assets better? How do you differentiate between a malicious insider and a non-malicious one?

Important Warning Signs for Insider Threats 

Here are some tell-tale signs you can monitor to avoid an insider attack. Be on the lookout for anyone who:

  • Downloads large amounts of data on personal portable devices or attempts to access data they don’t normally use for their day-to-day work.
  • Requests network or data access to resources not required for their job, or searches for and tries to access confidential data.
  • Emails sensitive information to a personal email account or to people outside your organization.
  • Accesses the network and corporate data outside of normal work hours.
  • Exhibits negative attitudes or behaviors—for instance, a disgruntled employee who is leaving the organization.
  • Ignores security awareness best practices, such as locking screens, not using USBs or external drives, and not sharing passwords and user accounts, or does not take cyberthreats seriously.

Once you have started monitoring, you can implement security measures to prevent attacks from occurring. We’ve put together a short list of solutions for curbing insider threats.

1. Zero Trust

Zero Trust, a new cybersecurity buzzword, is a holistic approach for tightening network security by identifying and then granting access, or “trust.” There is no specific tool or software associated with this approach, but organizations are expected to follow certain principles to stay secure.

Having more users, applications, and servers and embracing various forms of devices, including IoT, expands your network perimeter. In such cases, how do you exert control and reduce your overall attack surface? How can you ensure that the right access is granted to each user? IT security at some organizations reflects the age-old castle-and-moat defense mentality that everything already inside an organization’s perimeter should be trusted, while everything outside should not. This concept focuses on trust too much and tends to forget that we might know little about the intentions of those we deem “insiders.” The remedy is Zero Trust, which revokes excessive access privileges of users and devices without proper identity authentication.

By implementing Zero Trust, you can:

  • Understand your organization’s access needs.
  • Decrease risk by monitoring device and user traffic.
  • Lower the potential for a breach.
  • Profoundly increase your business’s agility.

2. Privileged Access Management

Put simply, Privileged Access Management (PAM) means extending access rights to trusted individuals within an organization. A privileged user is someone who has administrative access to critical systems and applications. For example, if an IT admin can copy files from your PC to a memory stick, then they are said to hold the privilege of accessing the sensitive data within your network. This also applies to accessing data via physical devices as well as logging in and using different applications and accounts associated with the organization. A privileged user with malicious intent might hijack files and demand your organization pay a ransom. 

PAM takes some effort, but you can start simple. For instance, you can remove an employee’s access to the data associated with their previous role. Consider an employee moving from finance to sales. In this case, the rights to access critical financial data must be revoked because we do not want to risk the financial security of the organization.

By implementing PAM, you can:

  • Make dealing with third-party devices and users safer and easier.
  • Protect your password and other sensitive credentials from falling into the wrong hands.
  • Eliminate excess devices and users with access to sensitive data.
  • Manage emergency access if and when required.

3. Mandatory Security Training for Existing and New Employees

Not all insider attacks are intentional; some happen because of negligence or lack of awareness. Organizations should make it mandatory for all their employees to undergo basic security and privacy awareness training sessions on a regular basis. Employees can also be quizzed on these sessions to make the training more effective. Making sure that employees are acquainted with the financial consequences that negligence can cause the organization can help prevent unintentional insider threats significantly.

With so much to lose, it’s a wonder more companies aren’t taking steps to reduce their chance of suffering from an insider attack. As mentioned earlier, there is no particular software or tool behind the security approaches mentioned above. Rather, your organization must address these aspects while developing a homegrown security solution or utilizing a similar service or product from a vendor. By doing so, you can protect your organization from bad actors within or outside of your organization.

However, to specifically tackle the threat posed by insiders who regularly misuse their access credentials or bring malicious plug-and-play devices to work, we recommend looking into other security protocols, such as identity and access management and user behavior analytics, to prevent internal security mishaps. You can also check out dedicated solutions for device and application control that make it easier to monitor and curb malicious activities.

Karthika Surendran

Tags: , , , , , ,