Cyber moles inside

by Mark Rowe

Insider threats are nothing new, but they’re evolving. We’ve always thought of insider threats as either disgruntled employees with malicious intent or simply people who make careless mistakes. But insider threats are changing in the age of COVID-19. Today, an insider threat is more likely to be a remote employee who seems completely innocuous, not someone sneaking out of a building with huge amounts of proprietary information hidden in a briefcase, writes Michael Crouse, Director Enterprise User & Data Protection, at the cyber firm Forcepoint.

Indeed, the move to a virtual workforce has been a goldmine for industrious hackers. Employees are no longer protected by the brick-and-mortar security practices of the past, and access to sensitive data is becoming more widely available and, in many cases, uncontrollable. Forrester highlights the risk, predicting that 33 per cent of data breaches will be tied to insider threats. That’s a jump from 25 per cent, an increase driven mainly by remote work.

This pandemic-induced environment is easy for hackers to exploit. Prospects are applying for jobs all over the country, if not the world. Face-to-face interviews are a thing of the past, having been supplanted by more impersonal Zoom calls. It’s just more challenging for HR professionals and teams to do the proper due diligence. And this needs to change.

Combining zero-trust with user behavioural analysis

Adopting a zero-trust approach can help combat this threat, but is it enough? After all, if a mole has already infiltrated your organisation, that person has already been granted some level of trust simply by being hired. Yes, businesses can apply policies that restrict that individual from having access to certain datasets or folders. But what if that person, like our hypothetical employee, has the right credentials and is of the right seniority? In such cases, zero trust as defined by some organisations may not be sufficient and an expanded zero trust methodology should be explored.

Complementing a zero-trust approach with careful analysis of user behaviour can reduce the potential damage caused by insider threats. While user behavioural analysis is already being employed by many businesses, its importance is magnified by the pandemic, which gives cover for deviant usage patterns. A remote environment may make those patterns more difficult to detect without the normal security perimeters and safeguards in place.

Consider implementing measures to monitor users’ behaviours regardless of their location and of whether they are on or off the company’s secured virtualised private network. Strive to understand users’ intentions and activities across the divide, look for indicators of abnormal behaviours, and couple all of it with a zero-trust approach to continuously verify and validate users as they attempt to access critical information.

Establishing and continuously evaluating individual user risk scores for every new employee is also essential. A risk score is a numerical value that indicates an individual’s propensity for risk based on a number of factors, including anomalous behaviour, job title, handling of sensitive information, and more. Assign a baseline risk score to new employees based on best practices and lessons learned. The user risk score can change over time as the employees’ responsibilities adjust. It’s a simple and effective way to reduce the time to detect your riskiest users while continuing to monitor deviant and non-deviant behavioural patterns. Being able to quickly exonerate employees is a critical component of a successful insider risk program.
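The sketch below is an added example, not Forcepoint’s scoring model or anything taken from the article: it shows one way a per-user risk score could combine a role-based baseline, a sensitive-data factor and deviation from the user’s own behaviour, then decay on normal days so that users are cleared quickly. Every weight, threshold, role name and the daily-transfer metric is a constructed assumption.

```python
from dataclasses import dataclass, field
from statistics import mean, pstdev

# All weights and thresholds below are constructed assumptions.
ROLE_BASELINE = {"data_analyst": 20, "hr_manager": 30, "sysadmin": 40}
SENSITIVE_DATA_WEIGHT = 15   # added when the role handles sensitive information
ANOMALY_Z = 3.0              # deviation (in sigmas) treated as anomalous
ANOMALY_PENALTY = 50
DECAY = 0.8                  # share of excess risk kept after each normal day
REVIEW_THRESHOLD = 70
MIN_HISTORY = 5              # days needed before a personal baseline exists


@dataclass
class UserRisk:
    role: str
    handles_sensitive: bool
    history: list = field(default_factory=list)  # normal daily MB transferred
    score: float = field(init=False, default=0.0)

    def __post_init__(self):
        self.score = float(self.baseline())  # new employees start at baseline

    def baseline(self):
        bonus = SENSITIVE_DATA_WEIGHT if self.handles_sensitive else 0
        return ROLE_BASELINE[self.role] + bonus

    def is_anomalous(self, mb):
        if len(self.history) < MIN_HISTORY:
            return False  # still learning this user's normal pattern
        sigma = pstdev(self.history) or 1.0
        return (mb - mean(self.history)) / sigma > ANOMALY_Z

    def observe(self, mb):
        """Fold one day's transfer volume into the score and return it."""
        if self.is_anomalous(mb):
            self.score = min(100.0, self.score + ANOMALY_PENALTY)
        else:
            # Normal day: decay toward the current baseline, which also
            # tracks changes to the user's role or data access.
            base = self.baseline()
            self.score = base + (self.score - base) * DECAY
            self.history.append(mb)  # only normal days shape the baseline
        return self.score

    def needs_review(self):
        return self.score >= REVIEW_THRESHOLD
```

Anomalous days are kept out of `history` so that a burst of unusual transfers cannot raise the user’s own baseline and mask later activity.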

A new variation of insider threats

Today, insider threats are not who we think they are. They might be the talented data analyst your organisation just hired, or the new HR manager who recently started and has access to sensitive employee information. It’s important to discover these people before they do irreparable damage.

Continuously vetting and monitoring behavioural patterns is one of the most effective and efficient ways to do this. It can protect your agency against a worrisome new variation of an old problem.

© 2024 Professional Security Magazine. All rights reserved.