Contrary to popular belief, cyberattacks are not always a massive attempt to take over or disable business infrastructure, writes Rashid Ali, Enterprise Solutions Manager at cyber firm WALLIX.
When we think of cybercrime, we are often drawn towards the image of hackers trying to steal company data, extorting the business for money or disrupting business services. While this does happen from time to time, the reality is that insider threats are a much bigger concern and are happening more and more frequently. Insider attacks can cause irreversible damage, especially if conducted through privileged accounts, as physical access is already granted. So, what exactly are insider threats, and what does this mean for businesses?
When we think of insider threats, it can feel like an uncomfortable topic to broach, but the truth is that employees present one of the most serious information security threats for every organisation. It’s not necessarily a case of trust. In truth, even the most trusted employees can unwittingly pose a risk. This is largely down to opportunity; insiders have already breached the perimeter by virtue of their roles and the more senior the employee, the more likely it will be that they have a privileged account and access to more company data. Insider threats also refer to external employees such as contractors, freelancers and third-party vendors. In a nutshell, anyone with privileged access to critical systems represents an insider threat to the business.
However, before you start snooping on your employees, it’s worth bearing in mind that the vast majority of insider attacks are accidental. And this is what makes insider threats just so risky. Trustworthy, valued employees can make a mistake or have their credentials stolen through no fault of their own. Employee error and negligence are also among the leading causes of data breaches, but these do not stem from malicious intent. It is an easy mistake for an employee to click on a malicious link or connect to an insecure Wi-Fi hotspot, and these are just some of the mistakes made by employees every day.
Insider threats can come in all shapes and sizes, whether malicious or unintentional, and are carried out against organisations of every size and industry. With no businesses exempt, it hardly comes as a surprise that these types of threats are on the rise, with the latest research pointing to almost double the number of insider attacks in the past two years. Regardless of cause or approach, organisations need to combat this growing threat.
One of the main challenges is human error, and stopping insiders from abusing privileged access requires understanding and training. Even with the most robust training courses in place, employees will still make mistakes from time to time, and it is, therefore, important to complement this with understanding and ensure that insiders across every level of the organisation truly understand the importance of security.
While this may sound obvious, there are times where employees will violate one of the most basic rules of infosec – password sharing. For example, if someone is locked out of an account or database, or simply trying to access restricted information, with all the best intentions in the world, another employee may share their credentials, thinking it saves time and will avoid complicated red tape. However, this is not always the case, and passwords should be treated as confidential. This was also allegedly what allowed Edward Snowden to access so much information, as he asked for and received passwords to top-secret systems from his NSA colleagues. Passwords are one of the first lines of defence when it comes to protecting data, and through proper password management systems businesses can take steps to mitigate this problem. However, training is also key, and every employee across all levels of the business should understand the importance of security.
Alongside training employees, given how difficult it can be to predict or spot an insider attack, deterrence is the best defence. While it may seem like an impossible task, especially in the face of rising data breaches, with strong authentication and data control, organisations can mitigate the risks. The objective should be to make it as hard as possible to launch the attack. Then, if an attack is attempted, detection and analysis can determine who did it and what weaknesses they were trying to exploit, and this can be achieved if IT teams have complete visibility through privileged access management.
By boosting security measures with privileged access management, organisations can bring insider threats back under control. This will allow IT teams to set security protocols to control who has access to what, when and how. Only with this level of insight will businesses be able to take steps to mitigate the risks of insider threats without hindering employee productivity. Fundamentally there will always be some employees in every organisation who need access to confidential data. With privileged access management, this can be granted, but insight will be restricted, allowing data to only be shared with those who need it.
In addition, for highly regulated or security-focused organisations, extra protocols can be included that restrict access by other limitations, such as to certain hours of the day or by location, highlighting any red flags so that, even if credentials are stolen, further identification or protocols will need to be met.
Gaining comprehensive data control is the key to overcoming the threat of insider attacks. With privileged access management, IT teams will have the security checks and insight they need to provide peace of mind and robust security while providing employees with access to the data they need, when they need it.