Defending your organization from threat actors outside your network is one thing. But it’s another thing entirely when they reside inside your organization.
A single malicious insider can use their access to leak the high-value data, personally identifiable information (PII), and intellectual property they work with on a day-to-day basis.
Research conducted by Cyberhaven has found that insider threats are so common that nearly one in 10 employees (9.4%) will exfiltrate data within a six-month period. Most commonly, data leaked includes customer data and source code.
This Insider Threat Awareness Month, Techopedia connected with some of the top security leaders and analysts in the enterprise market to examine how organizations can protect themselves against malicious insiders.
Below are their comments (edited for brevity and style).
8 Insider Threat Mitigation Strategies from Experts
1. Go Back to Basics
“These campaigns target employees who tend to be unaware of the telltale signs of a cybersecurity threat, creating even more stress for security teams when they are already being stretched thin.
To help limit some of these unintentional insider threats, it is essential for all employees to have a basic understanding of good security practices and for security teams to have a full view of talent management.
What’s more, CISOs need to have visibility into their own network to track insider threat indicators, such as data transfers and accessing unusual resources.
Identity management and visibility into SaaS applications’ user activity will help them close the gap on insiders. By doing so, CISOs won’t have as many blind spots when it comes to their defensive strategies and can quickly respond when a threat emerges.”
Rick McElroy, principal cybersecurity strategist at VMware Carbon Black.
2. Automating Identity Management
“Stolen identities continue to cause massive security breaches – and insider threats are a major part of the story.”
“Without strong identity governance and a least-privileged access model, malicious insiders can move laterally across an organization’s systems to exploit valuable data.
Such threats are a particularly pernicious type of unauthorized access; this overall method resulted in 91% of all records breached in the U.S. in 2022.
In light of National Insider Threat Awareness Month, organizations must work to embrace faster and more scalable security methods, such as decisioning AI, which can automate cumbersome workforce identity governance tasks to evaluate users quickly and the resources they can access.
Such an approach can accelerate an organization’s Zero Trust maturity by enabling finer-grained, more dynamic, and contextually sensitive access decisions. In this way, security teams can better manage the looming security of insider threats – not just this month, but year-round.”
Eve Maler, CTO of ForgeRock.
3. Regulate Generative AI Use
“Generative AI is one of the fastest emerging insider threats we have faced for a long time. GenAI applications like the widely popular ChatGPT platform have put the power of GenAI into the hands of everyday users, creating a low point of entry in leveraging this technology.”
“In today’s workforce, where many are trying to do more with less, the promise of work-saving technologies like GenAI may incentivize employees to try or regularly use the tool, potentially exposing confidential or sensitive information.
It is critical that organizations have policies in place to regulate the use of GenAI and train employees on the dangers these technologies and tools present.”
Mike Scott, CISO of Immuta.
4. Remember Security is a Team Sport
“Insider threat is a major concern for CISOs and top executives, but acknowledging that concern internally is challenging because it can feel like you’re saying you don’t fully trust your colleagues, which can be isolating and cause internal strife. The CISO should be a partner in security, not the security police.”
“There’s always going to be potential for some people to purposefully be bad actors, but CISOs can instill preventative measures against insider threats in many ways that still show respect to their coworkers and don’t assume malicious intent…
It’s really, really important to explain why we’re doing what we’re doing both clearly and with respect – security is a team sport.
Considering the motivations behind the potential attacks lets us more effectively ameliorate insider threats without alienating the people we work with.”
Lea Kissner, CISO of Lacework.
5. Understand Your Infrastructure
“In today’s evolving and increasingly complex digital landscape, protecting your business against insider threats is critical.”
“Concerns for insider risk exist across industry verticals, one of the most prominent being within the US State and Local Government and Higher Education (SLED).
Recent research shows that SLED employees perceive the top three most likely attacks to occur as personal information exfiltration, insider threats, and ransomware.
These types of attacks combined together can be catastrophic for an organization and erode customer trust, tarnish the brand, and cost a significant amount of money to remediate…
In order to prevent these threats, organizations need to understand their infrastructure, implement robust access controls, and monitor for misuse. And, because of the inherent sensitivity surrounding insider threats, it’s equally important that business leaders create a security-focused culture.
Employees should feel empowered to identify suspicious activity and comfortable enough to say something as soon as they notice it.”
Theresa Lanowitz, Head of Evangelism at AT&T Cybersecurity.
6. Use Rigorous Identity Verification
“Many companies’ security leaders focus their efforts on external threats – and rightfully so, as the explosive growth and accessibility of powerful technologies like AI has allowed dangerous fraudsters to bolster their attack capabilities to new levels.”
“But it’s equally important for business leaders to remember that locking down external threats does nothing to protect against the ones that have already made it through their defenses.
AI-powered tools, like image and voice deep fakes, enable fraud actors to impersonate whoever they choose with terrifying accuracy, leading to skyrocketing rates of business email compromise and other forms of fraud carried out from the inside.
When employees’ voices and images are untrustworthy, it’s more important than ever to make absolutely sure that the people behind them are, in fact, who they say they are.
Companies that fail to implement rigorous identity verification in their onboarding processes, such as biometric authentication tools, put themselves at serious risk of falling victim to fraud from criminals masquerading as their own executives.”
Janer Gorohhov, CPO & co-founder of Veriff.
7. Don’t Forget Zero Trust
“When addressing insider threats, there are several things that organizations often fail to take into account, including placing more focus on malicious insiders than inadvertent insiders.”
“To address the latter, organizations must create a culture of security in which employees understand how to better recognize security risks and feel empowered to report suspicious behavior.
Another critical step is to ensure the proper infrastructure is in place to prevent these threats in the first place.
The best way to achieve this is through a Zero Trust approach, which requires continuous verification and authorization for all users and devices, ensuring that only authorized users have access to systems and data regardless of their location or device.
By implementing a Zero Trust model, organizations are able to identify suspicious activity that may be indicative of insider activities, allowing them to prevent threats.
In the case that insider threats do, in fact, infiltrate an organization’s systems, it is critical to respond quickly in order to minimize impact, which Zero Trust can also achieve.”
Dylan Owen, chief engineer at Raytheon.
8. Security Hygiene
“This National Insider Threat Awareness Month, it’s important to raise awareness around some of the most commonly exploited vulnerabilities within an organization’s internal network. According to NetSPI’s 2023 Offensive Security Vision Report – which is based on more than 300,000 pen testing engagements – we found that excessive internal permissions continue to plague organizations.”
“We witnessed network shares or SQL servers that unintentionally allowed access to all domain users, which often contain sensitive information, credentials to other services, or customer data (such as credit card numbers or PII).
Unexpected excessive privileges lead to a large number of internal users having access to unintended sensitive data. All it takes is one rogue employee to cause major damage.
Additionally, weak or default passwords continue to be used within organizations, especially when accessing internal networks that contain highly sensitive information.
Unlike interfaces exposed externally, interfaces on the internal network typically don’t require multi-factor authentication, making the likelihood of compromise much greater. Basic security hygiene, as well as an understanding of internal sharing protocols, can provide a solid foundation in bolstering protection against insider threats.”
Nabil Hannan, Field CISO at NetSPI.
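An added example, not from NetSPI or the original article: one way to audit for the excessive share permissions described above is to scan an export of share ACLs for grants to groups that cover every internal user. The CSV columns are an assumption modeled on `Get-SmbShareAccess` output, and the share and account names are constructed.

```python
import csv
import io

# Principals that effectively mean "every internal user" (matched
# case-insensitively, with any DOMAIN\ or authority prefix stripped).
BROAD_PRINCIPALS = {"everyone", "authenticated users", "domain users", "users"}
RIGHT_RANK = {"Full": 3, "Change": 2, "Read": 1}

# Constructed sample export; share and account names are made up.
SAMPLE_CSV = """Name,AccountName,AccessControlType,AccessRight
Finance,CORP\\Finance-Team,Allow,Change
Finance,CORP\\Domain Users,Allow,Read
Backups,Everyone,Allow,Full
HR,CORP\\HR-Team,Allow,Full
HR,CORP\\Domain Users,Deny,Full
Deploy,NT AUTHORITY\\Authenticated Users,Allow,Change
"""

def base_name(account):
    """Strip a DOMAIN\\ or authority prefix and lowercase the account name."""
    return account.rsplit("\\", 1)[-1].strip().lower()

def find_overexposed_shares(csv_text):
    """Return (share, account, right) for Allow entries granted to a broad
    group, skipping shares that also carry a Deny/Full entry for that group."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    # Only a Deny of Full is treated as cancelling a grant; partial denies
    # still leave some access and are reported for manual review.
    denied = {(r["Name"], base_name(r["AccountName"])) for r in rows
              if r["AccessControlType"] == "Deny" and r["AccessRight"] == "Full"}
    findings = []
    for r in rows:
        who = base_name(r["AccountName"])
        if (r["AccessControlType"] == "Allow" and who in BROAD_PRINCIPALS
                and (r["Name"], who) not in denied):
            findings.append((r["Name"], r["AccountName"], r["AccessRight"]))
    # Most permissive grants first, so write access for everyone is triaged first.
    findings.sort(key=lambda f: -RIGHT_RANK.get(f[2], 0))
    return findings

if __name__ == "__main__":
    for share, account, right in find_overexposed_shares(SAMPLE_CSV):
        print(f"{share}: {account} has {right}")
```

Share-level ACLs are only half the picture on Windows file servers; NTFS permissions on the underlying folders need the same review.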
Dealing with insider threats can be tricky, but focusing on cybersecurity fundamentals can make the process much more manageable.
By promoting best practices like Zero Trust access controls, automated identity management, and identity verification, you can drastically reduce your exposure to malicious and negligent insiders.
If you’re worried about signalling you distrust employees, put their concerns at the heart of your security program, and make them partners in protecting each other and your organization’s information.