Five Ways to Tackle Insider Threats
Insider threats are on the rise, and organisations must have robust plans in place to prevent and respond to these incidents
Insider threats, made mainstream by high-profile cases like the Edward Snowden national security leaks in 2013, are a large and present threat to businesses.
Insider threats come in a variety of forms, including disgruntled employees stealing data to sell to malicious actors; those carrying out industrial espionage; and staff manipulated online into giving away sensitive information, for example through romance scams.
To raise awareness, every September marks National Insider Threat Awareness Month (NITAM).
Infosecurity has collated five key strategies for organisations to mitigate the risk posed by insider threats:
1. Access Management
Restricting employee access to only the data and systems they require to do their job is an important principle in cybersecurity generally, and a core component of zero trust architecture.
Access management is an ongoing process, requiring constant monitoring and updating for starters, movers and leavers. This is vital in reducing the risk of insider threat activity, with those leaving the business at higher risk of engaging in data theft – for example to get ‘revenge’ on their former employers or to bring important information across to a new role at a rival firm.
Businesses must properly segregate their networks to prevent any unauthorised access to sensitive data, and undertake periodic checks and controls to ensure security policies are being enforced.
2. Monitoring of Behaviour and Activity
Organisations should develop mechanisms for monitoring their employees’ behaviours and online activities, in a non-intrusive manner.
Threat actors often target employees via legitimate social media platforms and the dark web to trick or financially incentivise them into leaking sensitive data. As a result, businesses should monitor such channels for chatter about their company, cyber-criminals looking for insider knowledge, or disgruntled employees making unsavoury comments.
Organisations should also be observant of any suspicious behaviours among employees, such as attempting to access and download large amounts of data. Focus should be on people who are at higher risk of engaging in insider threat activity, such as those who have handed in their notice or have been informed that their job is at risk in a company restructure.
Well-designed company whistleblowing programs can be integral in such behavioural monitoring.
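One way to turn the point above about large downloads and higher-risk staff into a check is sketched below. This is an added example, not code from Infosecurity; the log records, the `HIGH_RISK` set (standing in for an HR feed of leavers and at-risk roles) and both threshold factors are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data: (user, day, megabytes downloaded). Not real logs.
DOWNLOADS = [
    ("alice", "2024-09-02", 120), ("alice", "2024-09-03", 95),
    ("alice", "2024-09-04", 110), ("alice", "2024-09-05", 130),
    ("alice", "2024-09-06", 420),
    ("bob", "2024-09-02", 800), ("bob", "2024-09-03", 760),
    ("bob", "2024-09-04", 820), ("bob", "2024-09-05", 790),
    ("bob", "2024-09-06", 900),
    ("carol", "2024-09-02", 40), ("carol", "2024-09-03", 55),
    ("carol", "2024-09-04", 50), ("carol", "2024-09-05", 45),
    ("carol", "2024-09-06", 400),
]
# Assumed HR feed: staff who have resigned or whose role is at risk.
HIGH_RISK = {"alice"}

NORMAL_FACTOR = 5.0     # assumed: alert above 5x the user's own median
HIGH_RISK_FACTOR = 3.0  # assumed: tighter threshold for high-risk staff
MIN_HISTORY = 3         # days of history needed before a baseline is trusted


def flag_unusual_downloads(records, high_risk, day):
    """Compare each user's volume on `day` with their own earlier daily median."""
    daily = defaultdict(float)
    for user, d, mb in records:
        daily[(user, d)] += mb          # several records per day are summed

    history, today = defaultdict(list), {}
    for (user, d), mb in daily.items():
        if d < day:                     # ISO dates sort lexicographically
            history[user].append(mb)
        elif d == day:
            today[user] = mb

    alerts = []
    for user in sorted(today):
        past = history[user]
        if len(past) < MIN_HISTORY:
            continue                    # no baseline yet; review separately
        baseline = median(past)
        factor = HIGH_RISK_FACTOR if user in high_risk else NORMAL_FACTOR
        if baseline > 0 and today[user] > factor * baseline:
            alerts.append({"user": user, "mb": today[user],
                           "baseline_mb": baseline,
                           "high_risk": user in high_risk})
    return alerts


if __name__ == "__main__":
    for alert in flag_unusual_downloads(DOWNLOADS, HIGH_RISK, "2024-09-06"):
        print(alert)
```

Comparing each person against their own history keeps routinely heavy users such as `bob` out of the alerts, while the tighter factor surfaces `alice`, whose volume would not trip the normal threshold.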
3. Staff Well-Being
Many insider threats are not maliciously motivated – rather they are driven by factors like financial issues and stress.
Organisations are at heightened risk of insider data breaches during difficult economic times.
Creating employee well-being and assistance programmes can help ensure staff are not driven to the point where they are tempted by financial offers from malicious actors. In addition, treating employees well will mean they are unlikely to develop a grievance towards the business, reducing the chances of malicious insider attacks.
4. Employee Education and Training
Organisations must ensure employees understand the social engineering techniques used by threat actors to trick or entice them into becoming insider threat agents. Such awareness programs should be continually updated as attackers adapt their approaches and the types of platforms they use to communicate with workers.
In addition, staff should be made aware of the potentially severe consequences of such activities, and that accessing sensitive data for anything other than work purposes is illegal.
5. Insider Threat Incident Response
Experts and national agencies have urged organisations to adopt specific incident response roles, responsibilities and processes, to deal with insider threat breaches.
Businesses must establish processes that utilise internal and external resources to enable investigation and remediation as quickly and efficiently as possible.
As with other incident response strategies, these processes should be practised on a regular basis, assessing any gaps in response.