Insider Threats: A CISO Nightmare
Blog / Insider Threats: A CISO Nightmare
With insider threats, your biggest assets become your biggest risks.
One of today’s most damaging security threat comes from trusted insiders. Insider threats can come from anyone in your organisation, from those with the highest access to your company data to those who you think have no access at all. Your insiders are both employees and third parties. The risk is at all levels. Its no wonder that 25% of all security incidents involve company insiders.
Types of insider threats
As the CPNI notes, an “insider” (also termed a cyber insider) “is someone who (knowingly or unknowingly) misuses legitimate access to commit a malicious act or damage their employer.” This means you can face unintentional or intentionally malicious acts from persons employed in or who has privileged access to your company.
- Unintentional insider harm
Unintentional harm stems from accidental data breaches. This could be through the carelessness or negligence of an employee or contractor. There is also the loss of employee credentials which can then be used for malicious intent.
- Intentional insider harm/Malicious threats
Intentional insider harm is where persons with trusted access in your company deliberately set out to cause the company harm. It can be to steal valuable company data or to insert malware or other viruses into your company network.
Whichever area the threat comes from, there is the possibility of:
- Unauthorised access to confidential data
- Unauthorised disclosure of confidential data
- Fraudulent transactions
- Systems or data sabotage
The threat is very real, and as a CISO, it makes your job of securing your company’s physical and digital assets that much more difficult. Too often, executives’ perception of the risks does not match the reality. And it’s therefore difficult to implement the solutions necessary to protect your company.
The challenges for CISO
With the complexity and varying individuals involved with insider threats, security professionals face a unique level of responsibility in securing company assets. The concern, therefore, surrounds how to detect insider threats, counter these activities, and respond to any ensuing cyber attacks as a result.
Mitigating unintentional insider attacks
Ensuring your employees and contractors understand the role they play in reducing unintended risks is important. It may be tempting to assume that all of your employees understand the risks they face daily, but it bodes well to remind them and inform those who didn’t.
A marketing campaign targeted at raising awareness of various threats is often a good and simple solution to get your employees up to speed quickly. You can focus on areas such as:
- identifying phishing attempts
- how to avoid weak passwords
- why they shouldn’t share passwords
- the unintended accessibility of unlocked devices
- the dangers of using unsecured Wi-Fi networks to do company business
Planning for malicious insider attacks
In addition to helping your team understand their potentially unintentional role in causing the company harm, you need to simultaneous focus on monitoring for deliberate insider threats. Every organisation should have internal controls to detect and prevent insider attacks.
Areas of focus should include:
- Data loss prevention
- Data encryption
- Identity and access management
- Endpoint and mobile security
- Cloud access security
In addition to tools for control, there is also a need for tools to analyse these threats and attacks. Your insider threat program should also include:
- Intrusion detection and prevention controls
- Predictive analytics
These are but just a few of the essential elements of a comprehensive insider threat program. As a CISO, you can’t afford to not have various levels of control and prevention strategies in place.
Building out an insider threat program
Insider threat is inevitable. Therefore, if you do not already have a formal program in place to mitigate insider risks, then there’s no time like the present to get started. You should focus on developing a program designed specifically to meet your firm’s uniqueness as a one-size fits all approach is not advisable.
Let’s have a quick chat on how to build out your insider threat program with the right combination of deterrence, prevention, monitoring, detection, and post-breach forensics tools and skills.
Fancy reading something else - what takes your fancy?atlassian ciso cloud covid19 crime culture cybersecurity insider-threat malware remote-working security