Less malicious but no less potentially harmful acts include policy violations, carelessness, or being duped by cybercriminals who use increasingly sophisticated attacks to gain access.
“These activities typically persist over time, and occur in all types of work environments, ranging from private companies to government agencies,” notes CISA.
How Can We Reduce the Risk of Insider Threats?
Every business executive wants to believe that their employees are well-intentioned and have the company’s best interests at heart. The reality is that sometimes that is just not the case.
Establishing a cohesive approach to cybersecurity is the best way to combat insider threats. Here is a closer look at measures to consider:
Do a Thorough Assessment. Prevention begins with a clear understanding of your assets, vulnerabilities and potential threats. An independent IT assessment of your technology stack gives you a thorough understanding of risks and potential solutions.
Develop a Formalized Insider Threat Program. Carnegie Mellon University’s CERT Insider Threat Center recommends developing a program that would define the staff, processes, policies and oversight mechanisms. Detailed processes would include incident response plans, training and communication protocols. “The best time to develop a process for mitigating malicious insider incidents and the unintentional insider threat is before they occur, not as one is unfolding,” notes a Carnegie Mellon blog post on the topic. “When an incident does occur, the process can be modified as appropriate based on postmortem results from prior incidents.”
Create Policies. Does your business have policies about the use of external devices to access corporate servers? Are business apps accessible using multifactor authentication? These are just two of the policy areas that your business should have codified, explained to employees and reinforced. Your policies need to establish the behaviors you expect to be followed and the enforcement steps that will be taken for nonadherence.
Monitor Behavior. While this item may feel a bit like Big Brother, it’s important that access to and use of sensitive information are scrutinized. As noted in the Verizon report: “Track insider behavior by monitoring and logging access to sensitive data. Make it clear to staff just how good you are at recognizing fraudulent transactions.”
Investigate Behavior. Monitoring solutions such as next-gen firewalls are excellent deterrents, but only if questionable activity is scrutinized. Even if the behavior seems irrelevant, such activity should be investigated, no matter where it occurs.
Reassess Access. Organizations should routinely evaluate which inside actors have access to servers, folders and data. As roles change, access to information and storage that was once needed may no longer be necessary. In a related action, organizations should ensure that former employees no longer have access to systems, networks or devices related to their work.
Invest in Training. Policies, programs and monitoring are all good measures but are less effective without a training component. Employees need to understand the role they play, how to remain vigilant and the process for reporting suspicious behavior (including using confidential processes where appropriate).
Focus on Physical. Be sure to limit access to on-premises data centers and hardware that may contain sensitive information. Location access policies and monitoring can deter unwanted behavior.
At Centerpoint, we help companies with every phase of data security. From initial assessments to ongoing monitoring solutions to data storage and recovery, our teams help companies throughout the Atlanta area reduce the risk of a cyberattack. To learn more, contact us today for an initial conversation about your cybersecurity needs.