Insider threats to your business’s security now have their own month. In a partnership between national and government-led security organizations including the National Insider Threat Task Force, the Department of Homeland Security, and the Defense Counterintelligence and Security Agency, September has been declared National Insider Threat Awareness Month.
It seems every few days another security breach makes the news, usually as a result of insider activity. An insider threat is a security incident, whether accidental or intentional, that happens due to the activities of someone who has access to a business’s devices or systems. National Insider Threat Awareness Month will promote awareness of the top threats facing your business today. Here are a few of the biggest concerns security experts have when it comes to insider threats.
Lack of awareness
Your end users may not regard security the way you do. They know they need to set passwords to access various systems and update them regularly, but they also want to make them as easy as possible to remember. They also probably find it tough to enter long, complex passwords multiple times every day, so they choose the minimum number of characters necessary. When weak passwords are combined with other reckless or lax behaviors, such as leaving devices unlocked and using public Wi-Fi, your business is always at risk. You may need to conduct regular training or send users a gentle reminder.
With the right security tools in place, businesses can learn about these behaviors and take action to correct them. User and entity behavior analytics (UEBA) identifies risky user behavior and unusual activity involving machines on a network. Activity that is anomalous to the user’s known behavior is flagged for additional investigation. In addition to addressing particular risks, a security information and event management (SIEM) system using UEBA as an underlying foundation can also help you get actionable behavioral insights before risky behaviors turn into security incidents.
Malicious insider activity
Unfortunately, you may find that one of your insiders deliberately commits some type of breach, such as stealing code or infecting a machine on your system with malware. This isn’t always an employee on your payroll. You could have an independent contractor or vendor gain access and wreak havoc on your system. It’s important to give everyone who accesses your network the lowest-level folder rights for their role or projects and have someone escort vendors at all times when they’re on your property.
UEBA can also help protect your organization against deliberate threats, alerting you as soon as something unusual has taken place. But you should also make sure to terminate access to your systems immediately when an employee or contractor no longer works for your organization. Your HR department should have a procedure in place to alert IT whenever access needs to end.
One of the top reasons criminals go after a business’s insiders is to gather their credentials. This can be done in a variety of ways, including coercing them to download keylogger viruses that gather every keystroke they type. They may also use phishing, which involves having them click on a seemingly innocuous link and enter their username and password. Phishing is often aimed at employees and made to appear to come from an “executive,” as in this case reported by Bloomberg. As reported, “Arrow, an electronics company in Centennial, Colo., was hit for $23.4 million when an employee at a subsidiary in Norway was “induced by person(s) impersonating himself/themselves, over the telephone or in email as the CEO of Arrow Electronics or a lawyer with a Wisconsin law firm” to transfer the amount in nine installments over five days in 2016.”
Threat detection technology can effectively stop attackers. These tools will track threats down and either take action or alert you so that you can intervene. With so many options, though, it’s important that you know the biggest threats to your organization and find a combination of solutions to keep you safe.
Malware will always be a threat to organizations. While it’s typically portrayed as an outsider threat, when your own users’ behaviors accidentally introduce it into the network, it becomes an insider threat. One click on the wrong link can usher in a threat that spreads throughout your network, slowing things down at best and taking your entire network down at worst.
Tools today are becoming more sophisticated at spotting these threats, thanks in large part to data science. The right UEBA solution uses data analytics to build baselines of the typical behavior of your organization’s staff and machines to more effectively predict when something is out of place.
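To make the baseline idea concrete, here is an added example (not from the original article and not any UEBA vendor's algorithm) that scores new observations against a per-user or per-machine baseline using a modified z-score (median and MAD), chosen here as a simple stand-in technique. The entity names, metrics, sample values and thresholds are all constructed assumptions.

```python
from statistics import median

MIN_HISTORY = 7   # assumed: observations needed before an entity is scored
THRESHOLD = 3.5   # assumed cut-off for the modified z-score

def modified_z(history, value):
    """Robust deviation of `value` from a baseline (median and MAD)."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:
        # Flat baseline: an identical value is normal, any change is not.
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad

def score_events(baselines, events):
    """Return (entity, metric, verdict, score) for each new observation."""
    results = []
    for entity, metric, value in events:
        history = baselines.get((entity, metric), [])
        if len(history) < MIN_HISTORY:
            # Too little history to judge: surface it instead of guessing.
            results.append((entity, metric, "insufficient_baseline", None))
            continue
        z = modified_z(history, value)
        verdict = "anomalous" if abs(z) > THRESHOLD else "normal"
        results.append((entity, metric, verdict, z))
    return results

# Constructed sample data: daily values per (entity, metric).
BASELINES = {
    ("alice", "mb_uploaded"): [120, 135, 110, 140, 125, 130, 118, 122, 128, 133],
    ("build-server-01", "hosts_contacted"): [4, 5, 4, 4, 6, 5, 4, 5],
    ("new-contractor", "mb_uploaded"): [300, 280],
}
EVENTS = [
    ("alice", "mb_uploaded", 131),
    ("alice", "mb_uploaded", 4200),
    ("build-server-01", "hosts_contacted", 57),
    ("new-contractor", "mb_uploaded", 900),
]

if __name__ == "__main__":
    for entity, metric, verdict, z in score_events(BASELINES, EVENTS):
        shown = "n/a" if z is None else f"{z:.1f}"
        print(f"{entity:16} {metric:16} {verdict:22} score={shown}")
```

The median and MAD are used instead of mean and standard deviation so that one earlier spike in an entity's history does not inflate the baseline and hide the next one.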
A modern threat-detection tool like a SIEM is the backbone of your organization’s security. It may take research and evaluation to get the perfect configuration set up, but once it’s in place, you’ll have a foundation to protect your organization against insider threats.