You may have seen the news last week about a former employee of Ofcom who offered his new employer a significant amount of sensitive data he had stolen from the regulator. Apparently he took nearly six years of sensitive data given to Ofcom by TV companies, and offered it to his new employer. Senior management at the new employer then alerted Ofcom.
Unfortunately this is not an uncommon occurrence. According to Skyhigh Networks' Cloud Adoption & Risk Report, 89.6 percent of organisations experience at least one insider threat each month, and the average organisation experiences 9.3 insider threats each month.
These are staggering statistics. Companies are responsible for protecting individuals' data. We all trust that the companies we buy products and services from have provisions for protecting our data not only against cyber attacks, but against internal threats as well.
Yet according to the SANS 2015 Survey on Insider Threats, while 74 percent of 772 IT security professionals surveyed said they're concerned about insider threats, 32 percent said they have no ability to prevent an insider breach.
What is a company to do? Here are 3 expert ways to mitigate an insider security risk.
- Minimise Rights
Also known as enforcing the principle of least privilege. Identity and access management (IAM) is the standard approach to provisioning the right amount of access for employees, contractors and partners. Coupled with access review processes to catch "access creep", this should provide a decent first line of defence against insider threats. The end goal is to reduce the rights that insiders hold, to minimise the risk of abuse and to enforce separation of duties.
- Enforce Access Controls
As users interact with applications, systems or data, the way they authenticate must be contextually controlled. Simple credentials (username and password) may be appropriate for low-risk authentications, but as the risk context increases there may be a need to step up authentication. When doing a step-up authentication, it makes more sense to use a second factor than to ask for another piece of information, which is probably something an attacker could find on social media.
- Monitor User Activity
But it isn’t enough simply to control access because, as we have seen, legitimate insiders will abuse their privileges. A happy employee can become a disgruntled employee very quickly, potentially without you even knowing. Plus, we must assume that well-funded, creative attackers will eventually gain insider credentials if they really want them. As such, it is important to monitor user activity and identify abnormal patterns that indicate a potential attack. This can be done by using analytics in conjunction with traditional SIEM (security information and event management), integrated with identity and access management, to tie patterns to users. While more complex, this method is often the only mechanism a company has for determining a breach quickly.
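As an illustration of tying activity patterns to users, the sketch below scores each user's daily data-access volume against that user's own history. It is an added example, not part of the original article; the event fields, sample data and thresholds are constructed assumptions, and real events would come from SIEM or application audit logs keyed by the IAM identity.

```python
from collections import defaultdict
from statistics import median

# Constructed sample events: (user, day, records_read).
EVENTS = [
    ("alice", d, n) for d, n in enumerate([40, 55, 38, 60, 47, 52, 45], start=1)
] + [
    ("bob", d, n) for d, n in enumerate([20, 25, 18, 22, 30, 21, 4800], start=1)
] + [
    ("carol", 7, 900),  # new account: no history to compare against
]

def find_anomalies(events, min_history=5, k=6.0, floor=10.0):
    """Flag (user, day, count, threshold) where a user's daily volume exceeds
    their own baseline: median + k * MAD of that user's earlier days."""
    history = defaultdict(list)
    alerts = []
    for user, day, count in sorted(events, key=lambda e: e[1]):
        past = history[user]
        if len(past) >= min_history:
            med = median(past)
            # Median absolute deviation: robust to a single earlier spike.
            mad = median(abs(x - med) for x in past)
            # The floor stops very steady users alerting on tiny changes.
            threshold = med + k * max(mad, floor)
            if count > threshold:
                alerts.append((user, day, count, threshold))
        history[user].append(count)
    return alerts

def users_without_baseline(events, min_history=5):
    """Users with too little history to score. They need another control
    (peer-group comparison or manual review) rather than silence."""
    days = defaultdict(set)
    for user, day, _ in events:
        days[user].add(day)
    return sorted(u for u, d in days.items() if len(d) < min_history)

if __name__ == "__main__":
    for user, day, count, threshold in find_anomalies(EVENTS):
        print(f"ALERT user={user} day={day} records={count} threshold={threshold:.0f}")
    print("no baseline:", users_without_baseline(EVENTS))
```

A per-user baseline catches a quiet account that suddenly reads thousands of records, which a single organisation-wide threshold tuned for heavy users would miss.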
Many insider breaches are accidental. So it is important to bear in mind that this is not a battle against the evil streak in human nature, it is a battle against everything from carelessness to naiveté (… as well as evilness).
If you are interested in a free audit to determine whether you have enough security measures to adequately guard against an insider threat, please get in touch with BTA today. BTA has over 20 years of experience helping customers ensure their systems and data are as safe as possible, and expert consultants who will take the time to understand your unique business needs. Call BTA on 0208 875 7676.