EDITOR’S QUESTION
KARL LANKFORD, DIRECTOR OF SOLUTIONS ENGINEERING, BEYOND TRUST
When we think of insider threats, we often imagine
disgruntled employees seeking revenge on their former
employers’ business. In reality, the vast majority of these
threats are caused by honest mistakes such as clicking
on malicious links or opening phishing emails.
Either way, insider threats can be very difficult to detect and pose a
threat that businesses struggle to address.
In fact, in our Privileged Access Threat Report from this year, we
revealed that two-thirds of IT professionals believe their organisation
has likely had either a direct or indirect breach due to employee
access in the last 12 months, with 58% treating the threat of
misused or abused insider access as critical.
So how can organisations ensure they’re effectively protecting
themselves to address this risk? Here are my top tips on combating
the insider threat.
Control or eradicate email attachments and links: Emails are
the primary attack vectors in use today and while a message in itself
may not be dangerous, links and attachments are. Today’s security
product vendors are offering real-time malware assessment of links
and attachments and will quarantine a suspicious attachment and
prevent users from connecting to a dangerous link.
Monitor employee behaviour and look for anomalies: This can be
done at many levels, including with action monitoring software. It’s not
intrusive to look for excessive data dumps or repeated attempts to
look at files or directories that are not permitted; it’s good business.
Raise security awareness: Finally, there is the need for ongoing
security awareness training that is an integral part of company
culture and not an afterthought or a ‘checklist’ item. A company
that partners with employees to ensure security awareness will do
better than one that forces compliance or just performs training to
check a box.
Properly manage and control access to data and critical systems:
Role-based permission, removal of administrator
access and the principle of least privilege are
your friends. Work with your HR team and line
of business managers to understand user roles
and the types of application and data access
they need to do their jobs. Then, assign only
that access level and no more. Take advantage
of identity governance and PAM solutions to
effectively manage role-based permissions
for onboarding, role changes and offboarding,
and to remove access when employees leave
the business.
Know where your data is: An important
counterpart to my second tip is knowing
where mission-critical and sensitive data
resides in the system so that you can lock it
down with appropriate permissions. If you
don’t know where it is, how can you protect it
with the right level of access?
www.intelligentcio.com
However, the challenge of mitigating insider
threats is that most organisations don’t
have fully integrated privileged access
management (PAM) tools.
While evaluating attack vectors, researching
competitors and gauging the threat from
organised crime or foreign adversaries,
it’s easy to conclude that external attacks
should be the primary focus of defence. This
conclusion can often be wrong. The critical
element is not the source of a threat, but its
potential for damage.
By evaluating threats from this perspective, it
becomes obvious that although most attacks
might come from outside the organisation,
the most serious damage is done with help
from the inside.