Three Defensive Measures to Defeat Insider Cyber Threats

These days, businesses face a cybersecurity threat landscape that’s more complex and challenging than ever before. On any given day, there’s an attack launched against an internet-facing site or service every 39 seconds. And on top of that, businesses now have to defend against increasingly sophisticated malware and ransomware that can cripple business systems.

But those are only the external cyber threats businesses must face. Internally, they face a much tougher — and potentially catastrophic — kind of threat. According to the most recent Verizon Data Breach Investigations Report, 85% of all data breaches involve a human element. That means an insider, like an employee or contractor, inadvertently or intentionally acting to harm the information security of their employer.

Such attacks can be far more damaging to a business since the majority of cybersecurity tools and defenses focus on external threats. That means there’s often very little stopping an insider from doing serious damage before anyone can act to stop them. To prevent that from happening, businesses must create an active internal cybersecurity defense program. The following three measures are an excellent place to begin.

Make Access Conform to the Principle of Least Privilege

One of the biggest reasons that insiders can cause such havoc within a business network is something called permissions creep. It’s a concept that describes how individual employees accumulate user rights over time as their work and positions change. When an employee transfers between departments, for example, they might be given access to the systems they need to perform their new job but not have access to the systems required for their old role revoked. Over time, this leads to multiple employees having far more systems access than they should.

To solve the problem, businesses should undertake a complete credential and access review. The goal is to make all user accounts on all business systems conform to the principle of least privilege (PoLP). This should translate into a long list of revoked privileges on the first pass. And once all user accounts have only the necessary access rights and nothing more, it’s important to establish an ongoing procedure to keep it that way for the long haul.

Institute a Monitoring Policy

The fact is, some of the largest insider-related data breaches have resulted from accidents or ignorance. Not every insider threat is intentional, and often, an employee that enables a data breach may not even realize they’ve done something wrong. Unfortunately, this means businesses have little alternative but to keep tabs on employee activity to look for patterns that might indicate an emerging threat.

The simplest way to do this is to deploy monitoring software for employees on all company-owned devices and any other network-attached hardware. Doing so enables real-time visibility into employee activity and increases the odds of detecting improper employee behavior — inadvertent or otherwise — before the situation escalates. As a side benefit, such software also gives employers a means of tracking work, which often improves productivity and efficiency while lowering labor costs.

Define and Enforce Software Standards

In years past, businesses tended to favor technology standardization because it decreased the management burden on their IT departments. But today, in an era of bring-your-own-device policies and software stacks that may vary from department to department, standardization is rarely achieved. And while that might give employees a kind of technological flexibility they didn’t have previously — it also enlarges the cyber-attack surface businesses have to defend.

To remedy that, businesses should create a core list of approved software for use with critical business infrastructure. They might, for example, enforce a web browser policy that calls for a specific browser with a minimum version to access business web apps. And they can designate specific email apps to access company mail servers, and provide multi-account capabilities so employees can get all emails in one place from multiple business and non-business accounts.

Visibility and Control to Defeat Insider Threats

The three measures detailed above will accomplish three things for the businesses that employ them. The first is to cut down on how much of a security threat any individual employee can be. The second is to provide visibility into how employees are using their company-provided IT assets and a means of spotting trouble before it escalates. And the third is to cut down on the possibilities of security holes by removing untrusted or non-standard software from the defensive equation.

While these three tactics won’t eliminate the possibility of an insider threat emerging, they will reduce the odds of a data breach or other incident originating from inside company ranks. That, along with reasonable external threat detection and prevention, should go a long way toward helping businesses to stay safe in today’s challenging and ever-shifting cyber threat environment.

PKI-Security Engineer & security blogger at gbhackers.com. She is passionate about covering cybersecurity and Technology.

Leave a Reply