Chief information officers and chief information security officers have been concerned about insider security threats for years, and things are only getting worse. A 2018 analysis by McKinsey & Company found insider threats were involved in roughly half of all cyberbreaches studied.
Yet, not all insider threats are the same. While many are malicious, sometimes an insider threat is not the result of nefarious intentions by an employee, but rather the result of an employee’s being compromised and exploited by an outsider. What is the best way to protect the business from threats and breaches that emerge behind the firewall?
Job one is to combat insider threats by controlling access to data. Whether it’s a bad actor using an employee to gain access or somebody fat-fingering a configuration and exposing something that should be on a secure path, all of these manifestations are based on access control.
When you look at any file in your environment, can you answer: Who has access to it? What access do they have? From where? And more importantly, why? If you can’t answer those questions, how do you address the insider threat? Access control is all about defining who has access to what and gaining control over that process.
Next, it is important to establish a data privacy framework. With the rise of privacy regulations such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act of 2018, the manner in which enterprises handle data needs to be an integral part of the security conversation. Meeting privacy regulations comes down to accountability, and this goes back to controlling access among company insiders.
It is also important to perform a risk assessment. Risk management is something most of us do in everyday life. Yet, in companies, if you’ve never done a risk assessment to understand the risk to certain business datasets, you don’t really know what damage can be caused by an insider threat. Therefore, you can’t prioritize how to leverage the available security options. Organizations need to start doing risk analyses and risk assessments to better engage with data assets, so they can, in turn, know what solutions are going to work best to mitigate insider threats.
Understanding and addressing insider threats is an important component of any security strategy. When an attack happens, it’s no longer okay to just shrug your shoulders and plead ignorance. You need to have strong safeguards, controls, policies and strategies in place, because otherwise you’re being negligent.