Many organizations and employees focus their security measures on the network perimeter but forget about the insider threat within the organization. Rarely can anyone in the organization guess which insider caused an attack, whether intentionally or not. It might be hard to believe that the well-dressed lady or gentleman with a nice smile from the next office might be the culprit who has been giving your company a hard time while you are busy searching for a non-existent external cyber-criminal.
An insider threat is a malicious cyber threat to an organization that comes through the organization’s own personnel, such as employees, ex-employees, contractors or business associates, who have full information about the organization and access to its data, security passes, and computer systems.
Insider threats can come from any level in an organization, but higher-level employees usually pose bigger threats since they have high-level security clearance and more access to the company’s classified data. According to a survey of cyber security professionals conducted by Dell, 59% of insider threats come from managers, followed by 48% from contractors, 46% from regular employees, 41% from IT administrators and staff, and the least, 30%, from third-party service providers.
Insider threats are usually disgruntled employees or ex-employees who believe that the organization did not do them justice and are therefore looking for revenge. The threat might also come in the shape of an ignorant employee who accidentally leaks the organization’s vital information without intending to, or of greedy employees who trade in classified company data and information to make an extra buck.
On the other hand, these threats may also arise from unfortunate situations, such as blackmailed employees who are forced to turn against their organizations to save their loved ones or their dirty little secrets. Whether justified or not, these insider threats pose a major risk to all organizations worldwide.
This should be a serious alarm for all organizations: security measures against insider threats should be put in place and taken as seriously as those against external threats. It is time to tighten the loose nuts. Here are some of the security measures that would help reduce insider threats in a modern organization.
1. Conducting a periodic risk assessment for the whole organization
Organizations must periodically assess their most critical and valuable assets and the risks to them, and then come up with strategies to protect those assets from both inside and outside threats. Most firms wait until there is an attack before they take measures against it, by which time the damage has already been done. These periodic risk assessments must be held at short intervals to reduce the risk of a cyber attack between assessments.
2. Conducting periodic security awareness training for all employees
A good number of employees pose a threat to their organizations through ignorance or by being unaware of the security policies in the workplace. Through security awareness training, employees come to understand the organization’s security policies and procedures, why they exist, and the consequences of violating them. Such a measure wards off possible intentional inside attacks, and it also reduces cases of ignorant insider threats by a huge percentage.
3. Encouraging separation of duties and minimal privileges
By separating employees’ duties and giving them minimal access privileges, an organization restricts employees to their own line of work, which protects the other departments if one of them decides to attack the organization’s system. Because no roles overlap, it also becomes easier to identify the source of a problem.
4. Logging, monitoring and auditing employee actions periodically
By periodically monitoring and logging employee actions, the organization will be able to discover an insider’s suspicious actions before he or she does actual damage to the organization. This way, the organization will always be a step ahead of the threat.
5. Keeping an eye on system administrators and privileged users
Statistics show that most insider threats come from system administrators and privileged users, such as managers, who have access to most if not all of the data in the organization. Caution must be exercised with such individuals to secure the data they have in their control. Remember, as you keep an eye on those privileged users, do not forget to watch the junior employees.
6. Monitoring and responding to suspicious behavior in the workplace
Monitoring employees’ online activity on their user accounts may not be enough. It is prudent for an organization to also monitor employees’ behavior in the workplace and take note of dissatisfaction and complaints, which can drive them to turn against the organization.
7. Deactivating user access following termination
Once an employee leaves or is fired from an organization, his access credentials should be terminated immediately. Most ex-employees, especially the ones who were fired, are usually dissatisfied with the organization. They may want revenge against the authority or person responsible for their job loss, and what better way to get it than by misusing their privileges?
8. Actively defending against malicious code
Privileged users and system administrators who are insider threats sometimes attack the organization’s systems by planting logic bombs or other malicious code that disrupts the systems in place. Therefore, by putting in place a system that defends the organization against malicious code, one can reduce attacks on the systems by these insider threats.
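Measures 4 and 7 can be checked together by reconciling HR offboarding records against the account directory and the authentication log. The following is an added example, not part of the original article; the user names, record layouts and log format are constructed for illustration.

```python
from datetime import datetime

# Constructed sample data (not from any real system): HR offboarding records,
# an account-directory export, and authentication log events.
HR_TERMINATIONS = {
    "jdoe": "2024-03-01T17:00:00+00:00",
    "asmith": "2024-03-10T12:00:00+00:00",
    "bnguyen": "2024-03-12T09:00:00+00:00",
}
ACCOUNTS = [
    {"user": "jdoe", "enabled": True},
    {"user": "asmith", "enabled": False},
    {"user": "bnguyen", "enabled": False},
    {"user": "mlee", "enabled": True},
]
AUTH_LOG = [
    "2024-03-02T08:15:00+00:00 login_success user=jdoe src=vpn",
    "2024-03-09T10:00:00+00:00 login_success user=asmith src=office",
    "2024-03-11T23:40:00+00:00 login_success user=asmith src=vpn",
    "2024-03-11T09:00:00+00:00 login_success user=mlee src=office",
    "2024-03-13T02:00:00+00:00 login_failure user=bnguyen src=vpn",
]

def parse_event(line):
    """Split 'timestamp action key=value ...' into (datetime, action, user)."""
    ts, action, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), action, kv.get("user")

def audit_offboarding(terminations, accounts, log_lines):
    """Return sorted (user, finding) pairs for departed users."""
    ended = {u: datetime.fromisoformat(t) for u, t in terminations.items()}
    findings = []
    # Measure 7: an account of a departed user must not remain enabled.
    for acct in accounts:
        if acct["enabled"] and acct["user"] in ended:
            findings.append((acct["user"], "account_still_enabled"))
    # Measure 4: any authentication attempt after the termination time is
    # suspicious, even a failed one or one against a disabled account.
    for line in log_lines:
        when, action, user = parse_event(line)
        if user in ended and when > ended[user]:
            findings.append((user, f"{action}_after_termination"))
    return sorted(set(findings))

if __name__ == "__main__":
    for user, finding in audit_offboarding(HR_TERMINATIONS, ACCOUNTS, AUTH_LOG):
        print(f"{user}: {finding}")
```

A successful login for a user whose directory account is already disabled, as with `asmith` in the sample data, suggests a credential or access path that offboarding missed.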
These are just a few of the major measures that can help you counter insider threats in organizations. To cut a long story short, a good amount of resources should be dedicated to countering insider threats. Organizations today should be very wary of insiders if they are to have the upper hand in the war against cyber crime.