Mitigating Insider Threats

Insider threats may not get the same press as external threats, but they can account for up to 60% of successful data breaches. Threats to your environment can originate internally either unintentionally or purposefully, but both should be treated with the same precautionary care to ensure your business does not become another victim. In 2018, Verizon confirmed over 2000 insider-originated data breaches. Security professionals today must be aware of negligent threats and malicious threats alike to best protect both the business and its customers.

Here’s how opportunities for insider threats can arise and the steps you can take to address them:

Negligent Insider Threat

The negligent insider means well but nonetheless allows your network to become compromised. The most obvious example is someone who practices poor data security. They might respond to a phishing attack by disclosing their network credentials. They could open an email attachment or download a file that is infected with malware. They may even forget to log out of their workstation, leaving their physical computer unsecured. Simple human error – such as these easy mistakes – accounts for 17% of data breaches.

In any of these cases, there are three main countermeasures:

  • Train your employees to practice good data security and to recognize and handle security threats such as phishing attacks. This training reduces the likelihood of a negligent breach.
  • Harden your system using firewalls and anti-virus software to block negligent insiders from facilitating attacks on your system.
  • Provide in-depth visibility with WireX to monitor user activity and ensure all your internal assets are practicing and complying with good data security behaviors.

The most well-known insider threat occurred in 2013 when hackers used a phishing attack to obtain legitimate network credentials from an outside vendor to the retailer Target. With the credentials stolen from the third-party contractor, hackers were able to install malware on Target’s point-of-sale terminals, resulting in a theft of about 40 million credit and debit card numbers.

Malicious Insider Threat

Malicious insiders must be dealt with differently from negligent insiders. Unlike the negligent insiders, malicious insiders intend to wreak havoc on your network using their own legitimate credentials. Permissions granted to the insiders are the only limits on their access to your network. Entities with malicious intent have no boundaries. They may steal information to personally benefit themselves, or they may hold ill will and try to damage your company. They could steal money, intellectual property, customer data or your company’s most highly guarded secrets, all of which can significantly harm your business.

Malicious insiders may take active measures to avoid detection or hope that lax company policies will allow them to carry out their objectives before being caught. The following are countermeasures you can take against malicious insiders:

  • Terminate network credentials of former employees. Disgruntled employees are often sources of malicious insider attacks.
  • Manage network permissions for current employees and use segmentation. Detecting malicious insiders becomes harder when users hold more access than their work requires; this is where least-privilege access and a Zero Trust model play a key role.
  • Use customized WireX solutions to eliminate blind spots in software applications. Audit trails and usage monitoring can help your security personnel identify threats in real time and investigate breaches or anomalous activities as soon as they are detected.
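The monitoring points in both countermeasure lists above (visibility into user activity for negligent insiders, and audit trails for malicious ones) come down to a few checks that can be run over an access log. The script below is an added example written for this page; it is not WireX code and does not reflect any WireX product feature. The log format (date,user,event,resource), the terminated-account list, the role-to-resource map, the bulk-access threshold and all sample log lines are constructed for illustration. It implements three checks: activity by an account whose credentials should already have been revoked, file access outside the user's role, and a per-user daily volume of distinct files far above a baseline (the pattern in the self-driving-car case described below).

```python
"""Audit-trail checks for the insider-threat countermeasures above.

Added example, not WireX code. Log format, account list, role map and
thresholds are constructed for illustration.
"""
from collections import defaultdict
from datetime import date

# Constructed: former employees and the date their access should have ended.
TERMINATED = {"jsmith": date(2024, 3, 1)}

# Constructed least-privilege map: which resource prefixes each role may read.
ROLE_ACCESS = {
    "engineer": ("/repo/", "/docs/"),
    "finance": ("/finance/", "/docs/"),
}
USER_ROLE = {"jsmith": "engineer", "amartin": "engineer", "lchen": "finance"}

# Constructed baseline: distinct files per user per day before we call it bulk access.
BULK_THRESHOLD = 50

# Constructed audit lines in the form date,user,event,resource.
SAMPLE_LOG = """\
2024-02-27,jsmith,login,-
2024-03-04,jsmith,login,-
2024-03-04,jsmith,file_read,/repo/designs/lidar.pdf
2024-03-05,amartin,file_read,/repo/src/main.c
2024-03-05,amartin,file_read,/finance/q1_forecast.xlsx
2024-03-05,lchen,file_read,/finance/payroll.csv
""" + "\n".join(
    f"2024-03-06,amartin,file_read,/repo/designs/part{i}.pdf" for i in range(60)
) + "\n"


def parse_log(text):
    """Turn the constructed log text into (date, user, event, resource) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        d, user, event, resource = line.split(",", 3)
        events.append((date.fromisoformat(d), user, event, resource))
    return events


def find_revoked_credential_use(events):
    """Rule 1: any activity by a terminated account on or after its termination date.
    A hit means the offboarding step (terminate credentials) was not completed."""
    return [(d, u, e) for d, u, e, _ in events
            if u in TERMINATED and d >= TERMINATED[u]]


def find_out_of_role_access(events):
    """Rule 2: file reads outside the prefixes allowed for the user's role.
    Unknown users have no allowed prefixes, so every read they make is flagged."""
    alerts = []
    for d, u, e, r in events:
        if e != "file_read":
            continue
        allowed = ROLE_ACCESS.get(USER_ROLE.get(u, ""), ())
        if not r.startswith(allowed):
            alerts.append((d, u, r))
    return alerts


def find_bulk_access(events, threshold=BULK_THRESHOLD):
    """Rule 3: a user reading more distinct files in one day than the baseline."""
    seen = defaultdict(set)
    for d, u, e, r in events:
        if e == "file_read":
            seen[(u, d)].add(r)
    return [(d, u, len(files)) for (u, d), files in seen.items()
            if len(files) > threshold]


def run_checks(text=SAMPLE_LOG):
    """Run all three rules and return the hits per rule."""
    events = parse_log(text)
    return {
        "revoked_credential_use": find_revoked_credential_use(events),
        "out_of_role_access": find_out_of_role_access(events),
        "bulk_access": find_bulk_access(events),
    }


if __name__ == "__main__":
    for rule, hits in run_checks().items():
        print(rule, hits)
```

On the constructed log, rule 1 flags jsmith's login and file read on 2024-03-04 (three days after the termination date; the 2024-02-27 login is legitimate), rule 2 flags amartin reading a finance spreadsheet outside the engineer role, and rule 3 flags amartin reading 60 distinct design files on 2024-03-06. In practice the threshold would be derived from each user's own history rather than a fixed number, and the role map would come from the identity provider.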

A recent case highlighted the problem of malicious insiders. An employee at Google’s self-driving car division left his employer to start his own self-driving car company. That company was eventually bought by Uber. The problem was that the former Google employee had copied thousands of files before leaving Google and sold those files to Uber as part of the sale of his company.

Insider threats can be contained

It is crucial to ensure you have every precautionary measure in place to deter insider threats from becoming data breaches. In addition to the steps listed above, you can empower your entire security team to handle more threats in significantly less time. WireX provides easy-to-use forensics context, delivering months of in-depth visibility to efficiently reveal the scope and impact of security incidents. Visibility is especially important as it becomes the last line of defense if an internal threat bypasses all your other security controls. Schedule a demo today to see how everyone in your security team can become an expert-level analyst.
