A counter insider threat programme

by Mark Rowe

Organisations across all industries and markets are waking up to the very real threat posed by insiders, writes Keith Lowry, Senior Vice President, Nuix USG and Business Threat Intelligence and Analysis.

According to IBM’s 2015 Cyber Security Intelligence Index, 55 per cent of all cyberattacks come from insiders, and result from a combination of malicious efforts and inadvertent actors. Insiders everywhere are taking advantage of their placement, access and trust for illicit gain. Not only do these events hurt organisations financially, they sometimes cause irreparable damage to business reputations. Countering insider threats is an issue that can no longer be ignored or minimised. However, many organisations are at a loss as to how best to create, develop and implement a counter insider threat programme. Understanding the threat is a firm foundation upon which to start building a counter insider threat programme. From there, you can begin framing out defensive capabilities through a number of activities designed to allow any technical solutions to target the right data and areas within your organisation.

1. Know your data:

You can’t protect something you don’t know anything about. Before doing anything else, your organisation must develop a complete data map and complete a full access audit. This entails cataloguing the information your systems contain and knowing what server that data is on, where it is physically stored, and who has access to it. Make sure to regularly review and update these resources, as they will become outdated fairly quickly.

2. Set priorities:

When developing plans to protect their “crown jewels,” many organisations run the risk of trying to protect too much information too soon in the process, spreading precious resources too thin. Instead, you should try to create priorities by considering which applications or data would cripple the organisation if they were compromised, and place those specific items at the top. While massive databases of customer data are very important, sometimes specific documents like strategic plans or company financials would prove more damaging if they fell into the wrong hands. This “critical value data” is easier to identify and protect than huge sets of data, which can come later on in the process.

3. Establish sound policies before purchasing:

Organisations will often fall in love with a piece of technology and purchase it before considering the policies that the tool will support. How can an organisation ever begin to determine which tool will be right for it if it doesn’t know what it needs the tool to do? Those that begin the quest for better security by asking “What tool should we purchase?” have a long, uphill and difficult road ahead of them. Organisations are better served by thinking strategically: defining, planning, organising and prioritising the programme before looking at tools. Remember, humans are always behind the threats that organisations face, and they will always figure out a way around any tool.

The process starts with clearly written policies that define the ground rules the counter insider threat programme should follow, expectations from employees and escalation paths when a potential insider is discovered. As a result, procuring technology should be one of the last steps you take when developing a counter insider threat programme.

4. Educate and train to avoid distrust and avoidance:

We must design and implement insider threat programmes with care and understanding in order to prevent employee distrust and avoidance. Of course, all programmes must consider privacy and civil liberties while at the same time protecting the organisation’s critical value data. Policies covering these key areas need to be in place from the beginning. The best way to overcome these internal hurdles is by investing in training and education for everyone at the organisation. It’s imperative to highlight that the programme is not “Big Brother” watching, but rather a well-meaning and thoughtful practice that protects and even empowers employees across the organisation. Don’t fall into the trap of thinking that having policies, processes and procedures in place eliminates the importance of training and education. Employee referrals and support are just as important as monitoring tools, and a successful employee education programme helps to strengthen all other counter insider threat measures.

There is no easy or quick fix to handling the insider threat to your organisation. Creating an effective programme takes careful planning, intelligent processes, the right technology implemented for the right reasons, and dedicated staff and management. The alternative, however, is leaving your organisation vulnerable to theft, incalculable financial ramifications, and reputational damage. Countering threats to information is a challenge organisations simply can’t afford to lose.

© 2024 Professional Security Magazine. All rights reserved.