In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by employees.
Cybersecurity involves more than database encryption, white- and black-box testing, and hardening. For such physical security tactics to be effective, they must work in tandem with organizational security practices.
If not, the results can be catastrophic.
There are countless examples where a company’s employees were the key lever in a cybersecurity breach. The Tesco bank fraud, Anthem’s massive data breach and the recent compromise of Equifax’s system are just a few examples.
What all these businesses have in common is that they are made up of individuals, all of whom have the potential to be an insider threat.
Here are the three primary types of insider threats:
- Human error.
We’re only human, and human error is a major factor in cybersecurity breaches. From unlocked computers to stolen devices to confidential data sent to unsecured home systems, these mistakes can be very costly.
- Identity theft.
Cyber criminals are experts at stealing identities. Some accomplish this by compromising an employee's system through malware or phishing attacks. In most instances, attackers then escalate the compromised user’s access within a system, which leads them to highly sensitive and valuable information.
- Malicious employees.
Unfortunately, disgruntled employees whose intent is to steal or damage are a real risk. Some steal competitive information, some sell data and many have a vendetta against the company.
The most dangerous aspect of insider threats is that the access and activities are coming from trusted devices, and will fly below the radar of even the most advanced detection technologies.
Based on the success of these types of attacks, they seem to represent a perfect crime. And in some organizations the challenge of identifying these elements has resulted in highly restrictive environments.
But security teams have another formidable adversary: reality.
While restrictive security policies may seem to be a valid strategy, they impede productivity, hinder innovation and frustrate users. That's why managers need to be aware of what to look for and how to focus their security efforts to get the greatest returns on security:
- Focus on the right systems.
Cyber criminals want what you value most. Identify the most valuable systems and data, such as your customers' personal information, and then give them the strongest defences and the most frequent monitoring.
- Apply deep analytics.
We are all creatures of habit, including in how we use and interact with technology. Deep analytics and AI can uncover deviations in behaviour at the level of individual employees, which can make it much easier to spot indications that systems have been compromised.
- Document everything.
Understanding the users who hold the potential for greatest damage is critical. You need to address the security risks that these people represent, and the critical assets they access, by documenting who has access to what.
- Stick to the basics.
Getting the basics done well can make the biggest impact on insiders: Enforcing strong standards for user identities and passwords means stealing credentials is that much harder. Collecting all the data and forensics you can on every device that touches your network ensures that you are the first to know if you’ve been hacked, not the last.
- Most importantly, train your people.
User awareness programs are the key to educating insiders. Train your people and test them. These basics make an impact but do require time and effort.
At Hockeystick, we take data security and privacy very seriously. We have quarterly employee security training, and all employees use multi-factor authentication when accessing software applications on their respective computers.