PCQuest

Insider Threats: The Sleeper Cells Of Cybersecurity

- Sameer Shelke, COO, Aujas

It is no secret that data breaches and cyber attacks have damaging effects. What is most concerning, however, is the growing sophistication of these cyber crimes. According to the CII report known as India Cyber Risk and Resilience Review 2018, insider threats are defined as any threat to an organization that originates from people who are associated with it and possess access to sensitive information, which can lead to fraud, cyber sabotage and theft.

Attacks like worms, scams, keyloggers, phishing and adware target the human element in an organisation, that is, they seek out employees as prey. Therefore, today’s most damaging security threats do not originate from malicious outsiders or malware, but from trusted insiders.

Fluid workforces, with countless contractors diffused across the globe, are ushering in a new era of insider threat-related security risks. This trend points to a growing new vulnerability. Employees may be described as the foundation of any organisation, where one crack can send the whole enterprise tumbling down. Hence, it is entirely possible for a single individual to negate the effect of a cybersecurity team.

The 2017 Forrester Report on mitigating Insider Threats states that 54% of respondents experienced an insider incident in the last year, and one-fifth of the executives surveyed in the Ernst and Young report stated that employees are the weakest link for an organisation. These statistics may not be cause for alarm, but they certainly are cause for concern.

In most cases, the reason behind an insider breach is unintentional negligence, the result of a lack of basic cybersecurity knowledge. The naivety of the employee while handling critical information and credentials weakens the entire cybersecurity landscape of the organisation. Insider threats fall into a blind spot for organisations, which lack policies and strategies to deal with such threats. More often than not, a simple training session on risk management tactics could plug this sinkhole.

A sincere employee may send his work to his personal email, so that he may continue working from home, unaware that this is a security breach and may even be considered cyber espionage. It may also be challenging for companies to monitor such activities without hindering employees from doing their jobs and being more productive, especially when working from home and across devices is now common practice.

Along with technology such as time cards and physical access systems, the following are three methods to combat insider threats:

Phishing tests to test user behaviour and training to improve user awareness

Phishing attacks target all organisations no matter their size or preparedness because they do not rely on technological vulnerabilities, but on lapses in the security awareness of targeted employees. Social psychology techniques are used to send emails that appear credible but are far from it. Soft targeting, a growing trend for this type of attack, uses email as a medium and tailors the email content to employees with specific roles within the organisation.

Whaling attacks target high-profile employees such as CEOs, as they typically have complete access to all types of sensitive information and may even be coerced into sending wire transfers of large sums. Attackers garner information from social media accounts to make these types of attacks more plausible. The top phishing tools available on the market create simulated phishing attacks for employees and then track how they respond, essentially sharing insight on the human firewall of the organisation.

Phishing training frameworks typically present employees with the latest technologies and templates they may be targeted with. These solutions are flexible across all employee levels, can be tailored to the organisation’s sector, and use cognitive methodology to encourage positive behaviour change. Additionally, data is readily available for incremental training.

Identity and Access Management framework

IT teams can regulate user, administrator, and application access to critical data and systems with the use of Identity and Access Management. A systematically implemented IAM framework can help organizations handle emerging IT trends such as cloud, mobility, microservices and APIs. IAM systems also support organizations with role-based access, compliance reporting, segregation of duties and the generation of audit trails.

Implementation of threat detection systems

Threat detection software typically consists of software that is deployed from each endpoint device. This is then routed through a centralised managed platform for monitoring, administration and reporting. Such service bundles can be cloud-based or on-premise and comprise host-based intrusion prevention, antivirus and policy management solutions.

While organisations still focus on protecting against external malware attacks, there is a clear shift of resources to mitigate insider risks, now that organisations understand the consequences. However, a point to note is that companies must be mindful of the targeted policies they put in place, as too much monitoring would infringe on the privacy of their employees and lower morale. There is a fine line between creating a big brother effect and monitoring sensitive data. As attacks grow more sophisticated, so should the methods that combat them.
