Saturday, July 13, 2024

Three Defensive Measures to Defeat Insider Cyber Threats

These days, businesses face a cybersecurity threat landscape that’s more complex and challenging than ever before. On any given day, there’s an attack launched against an internet-facing site or service every 39 seconds. And on top of that, businesses now have to defend against increasingly sophisticated malware and ransomware that can cripple business systems.

But those are only the external cyber threats businesses must face. Internally, they face a much tougher — and potentially catastrophic — kind of threat. According to the most recent Verizon Data Breach Investigations Report, 85% of all data breaches involve a human element. That means an insider, like an employee or contractor, inadvertently or intentionally acting to harm the information security of their employer.

Such attacks can be far more damaging to a business since the majority of cybersecurity tools and defenses focus on external threats. That means there’s often very little stopping an insider from doing serious damage before anyone can act to stop them. To prevent that from happening, businesses must create an active internal cybersecurity defense program. The following three measures are an excellent place to begin.

Make Access Conform to the Principle of Least Privilege

One of the biggest reasons insiders can cause such havoc within a business network is something called permissions creep: the way individual employees accumulate user rights over time as their work and positions change. When an employee transfers between departments, for example, they are typically granted access to the systems their new job requires, but the access they held for their old role is rarely revoked. Over time, this leaves multiple employees with far more systems access than they should have.

To solve the problem, businesses should undertake a complete credential and access review. The goal is to make all user accounts on all business systems conform to the principle of least privilege (PoLP). This should translate into a long list of revoked privileges on the first pass. And once all user accounts have only the necessary access rights and nothing more, it’s important to establish an ongoing procedure to keep it that way for the long haul.
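The review described above can be scripted so that the same check runs on the first pass and on every scheduled pass afterwards. The following is an added example, not code from the article: it assumes a hypothetical role-to-entitlement baseline (`ROLE_BASELINE`) and constructed user records, reports each user's excess and missing entitlements against their current role, separately attributes excess rights to a previous role (the transfer-without-revocation pattern), and emits a flat revocation list an administrator could act on.

```python
"""Least-privilege access review: added example, not code from the article.

Constructed model: ROLE_BASELINE says which entitlements each job role
needs; each UserAccess carries the entitlements a user actually holds
(accumulated across job changes, i.e. permissions creep). The review
reports excess and missing entitlements per user and emits a revocation
list. Running review_all() on a schedule is the ongoing procedure.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Hypothetical role-to-entitlement baseline; entitlement names are constructed.
ROLE_BASELINE: dict[str, frozenset[str]] = {
    "sales": frozenset({"crm:read", "crm:write", "mail"}),
    "finance": frozenset({"erp:ledger", "erp:payments", "mail"}),
    "helpdesk": frozenset({"ad:reset-password", "ticketing", "mail"}),
}


@dataclass
class UserAccess:
    username: str
    role: str                      # current job role
    entitlements: set[str]         # what the user can actually reach today
    role_history: list[str] = field(default_factory=list)


@dataclass(frozen=True)
class Finding:
    username: str
    excess: frozenset[str]         # held but not in the role baseline -> revoke
    missing: frozenset[str]        # in the baseline but not held -> grant
    unknown_role: bool = False     # no baseline defined; needs a human decision


def review_user(user: UserAccess) -> Finding:
    baseline = ROLE_BASELINE.get(user.role)
    if baseline is None:
        # No baseline means nothing is justified yet: flag everything as excess
        # rather than silently approving an undefined role.
        return Finding(user.username, frozenset(user.entitlements), frozenset(), True)
    return Finding(
        username=user.username,
        excess=frozenset(user.entitlements - baseline),
        missing=frozenset(baseline - user.entitlements),
    )


def review_all(users: list[UserAccess]) -> list[Finding]:
    return [review_user(u) for u in users]


def revocation_list(findings: list[Finding]) -> list[tuple[str, str]]:
    """Flat, sorted (username, entitlement) pairs an administrator would revoke."""
    return sorted((f.username, e) for f in findings for e in f.excess)


def creep_from_history(user: UserAccess) -> frozenset[str]:
    """Entitlements explained by a previous role but not the current one:
    the classic transfer-without-revocation pattern."""
    previous: set[str] = set()
    for old_role in user.role_history:
        if old_role != user.role:
            previous |= ROLE_BASELINE.get(old_role, frozenset())
    current = ROLE_BASELINE.get(user.role, frozenset())
    return frozenset((user.entitlements & previous) - current)


# Constructed sample accounts.
USERS = [
    UserAccess("alice", "finance",
               {"erp:ledger", "erp:payments", "mail", "crm:read", "crm:write"},
               role_history=["sales", "finance"]),
    UserAccess("bob", "helpdesk", {"ad:reset-password", "ticketing", "mail"}),
    UserAccess("carol", "sales", {"crm:read", "mail"}),
    UserAccess("dave", "intern", {"mail", "erp:ledger"}),
]

if __name__ == "__main__":
    findings = review_all(USERS)
    for f in findings:
        note = " (no baseline for role)" if f.unknown_role else ""
        print(f"{f.username}: excess={sorted(f.excess)} missing={sorted(f.missing)}{note}")
    print("revoke:", revocation_list(findings))
```

Treating an undefined role as all-excess rather than all-approved is the deliberate choice here: an account whose role has no baseline is exactly the case a review should surface, not pass.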

Institute a Monitoring Policy

The fact is, some of the largest insider-related data breaches have resulted from accidents or ignorance. Not every insider threat is intentional, and often, an employee who enables a data breach may not even realize they’ve done something wrong. Unfortunately, this means businesses have little alternative but to keep tabs on employee activity and look for patterns that might indicate an emerging threat.

The simplest way to do this is to deploy monitoring software for employees on all company-owned devices and any other network-attached hardware. Doing so enables real-time visibility into employee activity and increases the odds of detecting improper employee behavior — inadvertent or otherwise — before the situation escalates. As a side benefit, such software also gives employers a means of tracking work, which often improves productivity and efficiency while lowering labor costs.
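Whatever monitoring product is deployed, the useful part is the pattern logic run over its audit trail. The block below is an added example, not code from the article or from any particular monitoring product: it parses a constructed file-access audit log (the line format is hypothetical), flags activity outside business hours, and flags a user whose daily download volume jumps well above their own prior median. Both detections key on a change from the user's normal behaviour, which is what lets an inadvertent incident surface before it escalates.

```python
"""Two behavioural checks over an access audit log: added example, not
code from the article. Log format and sample lines are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone
from statistics import median

# Hypothetical audit line: ISO timestamp, user, action, resource, optional bytes.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"resource=(?P<res>\S+)(?: bytes=(?P<bytes>\d+))?$"
)

BUSINESS_HOURS = (7, 19)   # UTC; start inclusive, end exclusive


def parse_log(text: str) -> list[dict]:
    """Return one event dict per well-formed line; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        events.append({
            "ts": datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "user": d["user"],
            "action": d["action"],
            "resource": d["res"],
            "bytes": int(d["bytes"] or 0),
        })
    return events


def after_hours_events(events: list[dict]) -> list[dict]:
    """Events whose hour falls outside BUSINESS_HOURS."""
    start, end = BUSINESS_HOURS
    return [e for e in events if not (start <= e["ts"].hour < end)]


def volume_spikes(events: list[dict], factor: float = 5.0, min_days: int = 3) -> list[tuple]:
    """Users whose latest day's download bytes exceed `factor` times the
    median of their previous days. Returns (user, day, bytes, baseline)."""
    daily: dict[str, dict] = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["action"] == "download":
            daily[e["user"]][e["ts"].date()] += e["bytes"]
    alerts = []
    for user, per_day in daily.items():
        days = sorted(per_day)
        if len(days) < min_days:
            continue                      # not enough history to call a baseline
        last = days[-1]
        baseline = median(per_day[d] for d in days[:-1])
        if baseline > 0 and per_day[last] > factor * baseline:
            alerts.append((user, last.isoformat(), per_day[last], baseline))
    return alerts


# Constructed sample log: alice's routine activity, then a large after-hours pull.
SAMPLE_LOG = """\
2024-07-08T09:12:03Z user=alice action=download resource=/finance/q2.xlsx bytes=100000
2024-07-09T10:02:41Z user=alice action=download resource=/finance/q2-notes.docx bytes=120000
2024-07-10T11:45:09Z user=alice action=download resource=/finance/ar.csv bytes=90000
2024-07-11T14:20:55Z user=alice action=view resource=/finance/dashboard
2024-07-11T15:01:00Z user=alice action=download resource=/finance/ap.csv bytes=110000
2024-07-12T02:17:33Z user=alice action=download resource=/finance/customer-master.csv bytes=5000000
2024-07-12T02:19:10Z user=alice action=download resource=/finance/vendor-master.csv bytes=4000000
2024-07-08T09:30:00Z user=bob action=download resource=/helpdesk/kb.pdf bytes=50000
2024-07-09T09:31:00Z user=bob action=download resource=/helpdesk/kb2.pdf bytes=60000
2024-07-10T09:32:00Z user=bob action=download resource=/helpdesk/kb3.pdf bytes=55000
this line is not in the expected format
"""

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for e in after_hours_events(evs):
        print("after-hours:", e["ts"].isoformat(), e["user"], e["resource"])
    for user, day, total, base in volume_spikes(evs):
        print(f"volume spike: {user} on {day} downloaded {total} bytes (baseline {base:.0f})")
```

Comparing each user against their own median rather than a fixed threshold keeps the check meaningful across roles that legitimately move very different amounts of data; the `min_days` guard stops a brand-new account from being judged against an empty history.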

Define and Enforce Software Standards

In years past, businesses tended to favor technology standardization because it decreased the management burden on their IT departments. But today, in an era of bring-your-own-device policies and software stacks that may vary from department to department, standardization is rarely achieved. And while that might give employees a kind of technological flexibility they didn’t have previously, it also enlarges the cyber-attack surface businesses have to defend.

To remedy that, businesses should create a core list of approved software for use with critical business infrastructure. They might, for example, enforce a web browser policy that calls for a specific browser with a minimum version to access business web apps. And they can designate specific email apps to access company mail servers, and provide multi-account capabilities so employees can get all emails in one place from multiple business and non-business accounts.
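The browser policy mentioned above (a specific browser at a minimum version before a business web app is served) can be expressed as a small gate in front of the application. The following is an added example, not code from the article: `BROWSER_POLICY` is a hypothetical approved list, and the check identifies the browser family and major version from the `User-Agent` header. Because that header is self-reported, this is a policy and hygiene control rather than an authentication control; it belongs alongside endpoint management, not in place of it.

```python
"""Approved-browser gate from the User-Agent header: added example, not
code from the article. The policy table is hypothetical.
"""
import re

# Hypothetical policy: approved browser family -> minimum major version.
BROWSER_POLICY = {"Firefox": 115, "Chrome": 120}

# Order matters: Edge and Opera user agents also contain "Chrome/", so they
# must be matched before the generic Chrome pattern. Safari is recognised by
# its "Version/x Safari/" pair, which Chrome-based browsers do not send.
_FAMILY_PATTERNS = [
    ("Edge", re.compile(r"Edg(?:e|A|iOS)?/(\d+)")),
    ("Opera", re.compile(r"OPR/(\d+)")),
    ("Firefox", re.compile(r"Firefox/(\d+)")),
    ("Chrome", re.compile(r"Chrome/(\d+)")),
    ("Safari", re.compile(r"Version/(\d+)[.\d]* .*Safari/")),
]


def identify_browser(user_agent: str):
    """Return (family, major_version) or (None, None) if unrecognised."""
    for family, pattern in _FAMILY_PATTERNS:
        m = pattern.search(user_agent)
        if m:
            return family, int(m.group(1))
    return None, None


def evaluate(user_agent: str, policy: dict = BROWSER_POLICY) -> tuple[bool, str]:
    """Decide whether the request may reach the app; the string explains why."""
    family, major = identify_browser(user_agent)
    if family is None:
        return False, "unrecognised client"
    minimum = policy.get(family)
    if minimum is None:
        return False, f"{family} is not on the approved list"
    if major < minimum:
        return False, f"{family} {major} is below the minimum version {minimum}"
    return True, f"{family} {major} approved"


# Constructed sample User-Agent strings in the usual vendor formats.
SAMPLES = {
    "firefox_current": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0",
    "firefox_old": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0",
    "chrome_current": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) "
                      "Chrome/125.0.0.0 Safari/537.36",
    "edge": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) "
            "Chrome/125.0.0.0 Safari/537.36 Edg/125.0.0.0",
    "safari": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) "
              "Version/17.4 Safari/605.1.15",
    "script": "curl/8.4.0",
}

if __name__ == "__main__":
    for name, ua in SAMPLES.items():
        allowed, reason = evaluate(ua)
        print(f"{name:16} {'ALLOW' if allowed else 'DENY ':5} {reason}")
```

Returning a reason string with every decision is what makes the policy enforceable in practice: the deny page can tell the user which approved browser and version to install instead of failing silently, and the same reason lands in the access log for the help desk.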

Visibility and Control to Defeat Insider Threats

The three measures detailed above will accomplish three things for the businesses that employ them. The first is to cut down on how much of a security threat any individual employee can be. The second is to provide visibility into how employees are using their company-provided IT assets and a means of spotting trouble before it escalates. And the third is to reduce the number of potential security holes by removing untrusted or non-standard software from the defensive equation.

While these three tactics won’t eliminate the possibility of an insider threat emerging, they will reduce the odds of a data breach or other incident originating from inside company ranks. That, along with reasonable external threat detection and prevention, should go a long way toward helping businesses to stay safe in today’s challenging and ever-shifting cyber threat environment.

