The Breach Within: Managing Insider Cybersecurity Threats
Cybersecurity threats abound from outside an organization. Often, however, inside actors pose just as much – if not more – of a threat. When beginning to discuss this insider threat, the tendency is to focus on disgruntled employees. But mitigating insider threat is more complex than dealing with disgruntled employees; it includes unknowledgeable or negligent employees, contractors with internal access, as well as malicious insiders.
Understanding those insider threats to which your organization is susceptible is the first step toward ensuring cybersecurity. Deterrence, detection, and mitigation programs are critical for safeguarding proprietary information from exploitation, compromise, and unauthorized disclosure. Taking the time to develop these capabilities fundamentally improves the odds of your organization ending an insider threat before it can wreak havoc. By leveraging policies, networks, systems architecture, and human resources, you can ensure a comprehensive approach to cybersecurity.
Let’s explore the three principal insider threats and learn how to counter these internal breaches.
Malicious Insider Threat
Online interactions are unavoidable within the daily functions of an organization. With a heavy dependency on email as a means of communication and the use of social networks for corporate communication and promotion, companies put their intellectual property at risk. These interactions and interfaces can provide an access point for unwanted intrusions, leading to leaked data or other forms of compromised information security. A malicious insider threat happens when a current employee, or someone who has authorized access to a company’s network, system, or data, intentionally exceeds or misuses that access.
The malicious insider intends to negatively affect the integrity of the company’s intellectual property or the availability of its information systems. The motivation for these acts is an array of what the Federal Bureau of Investigation calls “personal factors,” from greed or financial need to problems at work to revenge. The execution of a malicious insider threat is often difficult to identify and may last over several months or longer. Often, employees take proprietary information when they are, or believe they will be soon, searching for a job at a different organization.
Organizations may play an unwitting role in allowing for an insider threat. A lack of structure, policy, and regulation exposes company operations to potential attackers, with limited ability to identify or prevent the malicious insider. Companies that do not sufficiently secure their intellectual property create a lax environment where theft is easy. The same laxity makes the intentional destruction of property or the placement of so-called false flags easy.
Incorrect labeling, inadequate facility and network security, and failure to train employees in the proper handling of sensitive information and materials are all ways an organization leaves room for dangerous access. To understand your cybersecurity needs, you must understand the nature and extent of your risk. A thorough risk assessment will help your organization prioritize its identification of and response to potential malicious insider threats.
Accidental Insider Threat
While an insider may take deliberate steps to threaten a company’s security, there also exists the problem of someone who creates a cyber-threat unknowingly. The ease of access to and reliance on computers in nearly all workplaces makes it that much easier for an insider with harmful intentions to retrieve sensitive data or plant damaging software. Still, the introduction of malicious software (such as malware, viruses, or spyware) can unwittingly occur through employee use of a company’s network via computers, USBs, and mobile devices.
An accidental insider threat can occur, for example, when an employee falls prey to an email scam or phishing and grants another party access to the organization’s network. An unsuspecting employee may also accept a malware-infected USB device from an outsider and use it without questioning its safety.
Social networking sites are prime enablers for accidental insider threats because of the diminishing privacy that occurs the more a user shares. Even with high-security settings, sharing information on social media sites can allow outsiders to gain location data or other details that should remain private. Employees who provide abundant personal information on social networking sites also open themselves up to imposters.
The more information is shared, the more likely it is that someone could impersonate an employee to gain unauthorized access to organizational data. The unsuspecting employee may harbor no ill will toward their employer and will more than likely not even realize they have allowed a breach to occur. The breach may allow bad actors the opportunity to access a company’s infrastructure and steal intellectual property or personally identifiable information. Either may cost a company millions of dollars to mitigate. The damage such a breach does to an organization’s credibility and productivity is inevitably significant as well, if less quantifiable.
Threats from Outside Contractors and Trusted Business Partners
Outside contractors and trusted business partners who are granted access to your organizational data and/or networks can be responsible for both malicious and accidental threats. There are many reasons why a contractor or partner might deliberately jeopardize your data, from competition to personal gain to criminal intent. Meanwhile, any user who has access to your network and data – including outside contractors and trusted partners – may accidentally admit a threat if proper safeguards aren’t established to protect data security. When extending network privileges and sharing data with an external entity, you must ensure they aren’t wittingly or unwittingly sharing that data and/or access with a third party.
Mitigating Insider Threats
Both malicious and accidental insider threats can disrupt a company’s operation and endanger stability. However, the threat can be mitigated by adhering to a proven cybersecurity framework. This framework can help organizations establish guidelines to bolster network security and mitigate the insider threat. It has three main features:
∙ Employee Education: Informed employees are the first line of defense. Employees must be educated so that they are knowledgeable about ways that outsiders can gain access to sensitive organizational information. As part of a robust network security system, employee education can create a foundation within an organization, ensuring an understanding of preventive measures. Education should cover basic online safety (i.e., avoiding clickbait and scams). Routine protective techniques, such as frequent password changes and the use of anti-virus software, should also be covered. Companies should also provide guidelines on how to react to prevent possible breaches from progressing. Annual workshops addressing security concerns and procedures help integrate these policies into a workplace’s daily culture. Providing policies to new employees about system security also increases awareness throughout the workforce.
∙ Clear Expectations: Though not everyone engages in social networking, the reality is that online interactions are widespread and frequent, especially with mobile devices. Organizations should clearly define and enforce their expectations for online employee behavior in a written policy. Define what type of information can and cannot be made public and make employees aware of the risks posed by over-sharing.
∙ Early Detection: Providing employees with an anonymous method to report suspicious activity promotes early detection. Tip lines or online forms give employees a confidential means of drawing attention to potentially harmful behavior within the workplace. Software designed to detect threats like viruses and spyware is also essential for any good cybersecurity framework.
Conclusion
Everyone on your team must make data security a top priority to protect organizational data. A successful program requires leaders to maintain constant vigilance of the insider threat. Creating methods to monitor and mitigate is key to long-term insider threat risk management. Additionally, fostering an educated workplace and establishing clearly defined guidelines for cyber activity will help maintain the health of a company’s network security while reducing risks of insider threat.
This post is adapted from a recent Momentum white paper, Insider Threat: Monitoring and Mitigating Threats to Network Security. To learn more, drop us a line at info@m-inc.com.