Saturday, November 2, 2024

Three Defensive Measures to Defeat Insider Cyber Threats


These days, businesses face a cybersecurity threat landscape that’s more complex and challenging than ever before. On any given day, there’s an attack launched against an internet-facing site or service every 39 seconds. And on top of that, businesses now have to defend against increasingly sophisticated malware and ransomware that can cripple business systems.

But those are only the external cyber threats businesses must face. Internally, they face a much tougher — and potentially catastrophic — kind of threat. According to the most recent Verizon Data Breach Investigations Report, 85% of all data breaches involve a human element. That means an insider, like an employee or contractor, inadvertently or intentionally acted in a way that harmed the information security of their employer.

Such attacks can be far more damaging to a business since the majority of cybersecurity tools and defenses focus on external threats. That means there’s often very little stopping an insider from doing serious damage before anyone can act to stop them. To prevent that from happening, businesses must create an active internal cybersecurity defense program. The following three measures are an excellent place to begin.


Make Access Conform to the Principle of Least Privilege

One of the biggest reasons that insiders can cause such havoc within a business network is something called permissions creep. It’s a concept that describes how individual employees accumulate user rights over time as their work and positions change. When an employee transfers between departments, for example, they might be given access to the systems they need to perform their new job without having their access to the systems required for their old role revoked. Over time, this leads to multiple employees having far more systems access than they should.

To solve the problem, businesses should undertake a complete credential and access review. The goal is to make all user accounts on all business systems conform to the principle of least privilege (PoLP). This should translate into a long list of revoked privileges on the first pass. And once all user accounts have only the necessary access rights and nothing more, it’s important to establish an ongoing procedure to keep it that way for the long haul.
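The access review described above can be sketched as follows. This is an added example, not code from the original article; the role names, permission strings, user records, and the `review_access` function are all hypothetical and the data is constructed for illustration.

```python
"""Access review sketch: find grants left over from earlier roles (permissions creep)."""

# Hypothetical role baselines: the access each role actually needs.
ROLE_BASELINE = {
    "finance-analyst": {"erp:read", "erp:post-journal", "payroll:read"},
    "sales-rep": {"crm:read", "crm:write"},
    "it-helpdesk": {"ad:reset-password", "ticketing:write"},
}

# Constructed sample data: current role plus role history per user.
USERS = {
    "akhan": {"current": "sales-rep", "previous": ["finance-analyst"]},
    "bmori": {"current": "it-helpdesk", "previous": []},
    "cdiaz": {"current": "finance-analyst", "previous": ["it-helpdesk", "sales-rep"]},
}

# Constructed export of what each account is granted today.
GRANTS = {
    "akhan": {"crm:read", "crm:write", "erp:post-journal", "payroll:read"},
    "bmori": {"ad:reset-password", "ticketing:write"},
    "cdiaz": {"erp:read", "erp:post-journal", "payroll:read",
              "ad:reset-password", "vpn:admin"},
}


def review_access(users, grants, baseline):
    """Return {user: {"revoke": {perm: reason}, "missing": set}} for deviating accounts."""
    findings = {}
    for user, info in users.items():
        needed = baseline[info["current"]]
        held = grants.get(user, set())
        revoke = {}
        for perm in sorted(held - needed):
            # Attribute the excess grant to an earlier role if one explains it.
            source = next((r for r in info["previous"] if perm in baseline[r]), None)
            revoke[perm] = f"left over from {source}" if source else "no role justifies it"
        missing = needed - held  # access the current role needs but lacks
        if revoke or missing:
            findings[user] = {"revoke": revoke, "missing": missing}
    return findings


if __name__ == "__main__":
    for user, result in review_access(USERS, GRANTS, ROLE_BASELINE).items():
        for perm, reason in result["revoke"].items():
            print(f"{user}: revoke {perm} ({reason})")
```

Running the same comparison on a schedule, and again whenever someone changes role, is one way to implement the ongoing procedure mentioned above.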

Institute a Monitoring Policy

The fact is, some of the largest insider-related data breaches have resulted from accidents or ignorance. Not every insider threat is intentional, and often, an employee that enables a data breach may not even realize they’ve done something wrong. Unfortunately, this means businesses have little alternative but to keep tabs on employee activity to look for patterns that might indicate an emerging threat.

The simplest way to do this is to deploy monitoring software for employees on all company-owned devices and any other network-attached hardware. Doing so enables real-time visibility into employee activity and increases the odds of detecting improper employee behavior — inadvertent or otherwise — before the situation escalates. As a side benefit, such software also gives employers a means of tracking work, which often improves productivity and efficiency while lowering labor costs.

Define and Enforce Software Standards

In years past, businesses tended to favor technology standardization because it decreased the management burden on their IT departments. But today, in an era of bring-your-own-device policies and software stacks that may vary from department to department, standardization is rarely achieved. And while that might give employees a kind of technological flexibility they didn’t have previously, it also enlarges the cyber-attack surface businesses have to defend.

To remedy that, businesses should create a core list of approved software for use with critical business infrastructure. They might, for example, enforce a web browser policy that calls for a specific browser with a minimum version to access business web apps. And they can designate specific email apps to access company mail servers, and provide multi-account capabilities so employees can get all emails in one place from multiple business and non-business accounts.
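An approved-software list with minimum versions, like the one described above, can be checked against an endpoint inventory as in this added example, which is not from the original article. The policy values, host names, inventory rows, and function names are hypothetical and constructed for illustration.

```python
"""Check an endpoint software inventory against an approved list with minimum versions."""

# Hypothetical policy: approved applications per category and the minimum version allowed.
APPROVED = {
    "browser": {"firefox": "128.0"},
    "mail": {"thunderbird": "115.10"},
}

# Constructed inventory rows: (host, category, application, installed version).
INVENTORY = [
    ("ws-014", "browser", "firefox", "128.3.1"),
    ("ws-014", "mail", "thunderbird", "115.9"),
    ("ws-022", "browser", "firefox", "99.0"),
    ("ws-031", "browser", "otherbrowser", "5.2"),
]


def parse_version(text):
    """Turn '128.3.1' into (128, 3, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def is_older(installed, minimum):
    """Compare after padding to equal length, so 128 and 128.0 count as the same version."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def check_inventory(inventory, approved):
    """Return (host, app, reason) for each install that breaks the policy."""
    violations = []
    for host, category, app, version in inventory:
        allowed = approved.get(category, {})
        if app not in allowed:
            violations.append((host, app, "not on approved list"))
        elif is_older(version, allowed[app]):
            violations.append((host, app, f"{version} is below minimum {allowed[app]}"))
    return violations


if __name__ == "__main__":
    for host, app, reason in check_inventory(INVENTORY, APPROVED):
        print(f"{host}: {app}: {reason}")
```

A plain string comparison would wrongly pass both 99.0 against 128.0 and 115.9 against 115.10, which is why the versions are compared as integer tuples.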

Visibility and Control to Defeat Insider Threats

The three measures detailed above will accomplish three things for the businesses that employ them. The first is to cut down on how much of a security threat any individual employee can be. The second is to provide visibility into how employees are using their company-provided IT assets and a means of spotting trouble before it escalates. And the third is to cut down on the possibilities of security holes by removing untrusted or non-standard software from the defensive equation.

While these three tactics won’t eliminate the possibility of an insider threat emerging, they will reduce the odds of a data breach or other incident originating from inside company ranks. That, along with reasonable external threat detection and prevention, should go a long way toward helping businesses to stay safe in today’s challenging and ever-shifting cyber threat environment.
