An Inside Job: The Real Threat to Your Business Network’s Security
Today, the types of cyber-attacks that threaten the security of your business are endless. We’ve previously discussed users as the greatest weakness in network security, but the focus there was on an unwitting participant being coerced into clicking on a malicious link or opening a dangerous attachment.
We often focus so much attention on building a secure network wall that we neglect the very real threat from within. According to IBM’s Cybersecurity Intelligence Index, 55% of cyber-attacks are carried out by insiders. This has proven to have a growing impact on companies that are struggling to protect their proprietary information and data.
Don’t Deny the Magnitude of the Potential Risk
Many organizations acknowledge that they do not have appropriate safeguards to prevent, or even detect, attacks involving an inside employee. The result is over 80 million insider attacks occurring in the United States each year, though 80 million is considered a very rough estimate because most breaches go unreported.
A further realization comes from the 2016 State of Cybersecurity & Digital Trust report released by Accenture and HfS Research. More than 200 enterprise security professionals were surveyed, with over 69% reporting an attempted theft or corruption of data by insiders during the last 12 months.
Despite these staggering stats, there is little coverage of this known issue. For example, the SEC’s Cybersecurity Examination initiative has only raised the topic of insider threats as a cliff note in their Assessment Tool since it began providing cybersecurity guidance in 2014. That is hardly sufficient given the potential risk and reach such a threat has for your business.
So, What Can I Do to Reduce Exposure?
Insider threats can be difficult to identify and block because, unlike their outside counterparts, these users are generally granted permission. Detecting abuse of these privileges is tricky, but not impossible.
- Proper Identification: Establishing clear identities for all users, their devices, and access points allows you to enforce privileges. All local accounts should be pushed to a centralized management tool, with any shared profiles eliminated. This way, insiders can only access your systems for their job through their identifiable profile.
- Log & Monitor Everything: The biggest benefit of properly establishing identifiable profiles goes beyond the ease of altering access/denial privileges. It also helps in developing a proper log history of all activity, acting as a digital audit trail. Further, logging access attempts, whether successful or not, helps to develop data that can be reviewed to identify patterns of suspicious behavior by users. Creating profile-based records and having the ability to generate access reports are central to any IT staff’s capability for threat prevention.
- Multi-Factor Authentication (MFA): A simple password just isn’t sufficient to protect against inside (or external) threats. Enforce an MFA policy that uses multiple methods to prove a user’s identity; this is a highly effective means of preventing access to information that someone shouldn’t have, especially in situations where someone may have captured another user’s credentials.
- Default Minimal Privilege Policy: Creating default profiles with minimal access privileges is a far more effective way to manage newly established accounts. Locking down administrative accounts and applications on a role-based level eliminates the possibility that curious users are looking at information they shouldn’t have access to. Instead, users should request additional privileges, and each request should require approval. Users should have only enough access to perform their core job functions. This provides greater control over unauthorized access by the employee, or by an outside threat in the event that their identity/profile is stolen.
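As an added illustration of the "Log & Monitor Everything" point (example code written for this page, not from the original article), the script below builds a per-profile access report from log lines and flags repeated denied attempts and profiles used from many devices. The log format, sample entries, and both thresholds are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample log: timestamp, profile, device, resource, result.
SAMPLE_LOG = """\
2024-05-06T09:01:12 alice LT-0143 /finance/payroll GRANTED
2024-05-06T09:04:40 bob LT-0207 /eng/source GRANTED
2024-05-06T09:05:02 bob LT-0207 /finance/payroll DENIED
2024-05-06T09:05:09 bob LT-0207 /finance/payroll DENIED
2024-05-06T09:05:31 bob LT-0207 /hr/reviews DENIED
2024-05-06T10:15:00 frontdesk KIOSK-1 /shared/calendar GRANTED
2024-05-06T10:15:20 frontdesk LT-0143 /shared/calendar GRANTED
2024-05-06T10:16:05 frontdesk LT-0311 /shared/calendar GRANTED
"""

DENIED_THRESHOLD = 3  # assumed: denials per profile that warrant review
DEVICE_THRESHOLD = 2  # assumed: more devices than this suggests a shared profile


def build_report(log_text):
    """Return {profile: {granted, denied, devices, denied_resources, flags}}."""
    report = defaultdict(lambda: {"granted": 0, "denied": 0, "devices": set(),
                                  "denied_resources": set(), "flags": []})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than guess at fields
        _ts, profile, device, resource, result = parts
        entry = report[profile]
        entry["devices"].add(device)
        if result == "DENIED":  # failed attempts are logged too, per the text
            entry["denied"] += 1
            entry["denied_resources"].add(resource)
        elif result == "GRANTED":
            entry["granted"] += 1
    for entry in report.values():
        if entry["denied"] >= DENIED_THRESHOLD:
            entry["flags"].append("repeated-denied-access")
        if len(entry["devices"]) > DEVICE_THRESHOLD:
            entry["flags"].append("possible-shared-profile")
    return dict(report)


if __name__ == "__main__":
    for profile, entry in sorted(build_report(SAMPLE_LOG).items()):
        print(profile, entry["granted"], entry["denied"],
              sorted(entry["denied_resources"]), entry["flags"])
```

A flag here is a prompt for human review of that profile's activity, not proof of abuse.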
These are just a few of the best practices we use to protect our clients from insider and outside threats each and every day. To learn more, contact us!