Insider threats, or threats from your own users, are the number one concern for Australian organisations according to the 2015 Australian Centre for Cyber Security (ACSC) survey results. Organisations are increasingly losing control of high-value information. Contributing factors include bring-your-own-device (BYOD) usage, the sending of sensitive information to external people, and the use of cloud applications and collaboration tools. These threats are attributed to two types of individuals:
- Inadvertent insiders. Individuals who are unwittingly socially engineered through attacks such as spear-phishing emails, drive-by downloads or direct contact with adversaries, and whose actions pave a path for external threat actors to infiltrate an organisation.
- Malicious insiders. Individuals with malicious intent, possibly as the result of coercion or due to a drive for personal gain. This can include financial incentives for stealing sensitive information or corporate espionage.
As these users already have access to your system, it can be difficult to mitigate the risk of insider threats.
We’ve summarised our top 4 prevention strategies for insider threats:
- Perform background checks. Ensure your hiring process includes processes such as police and referee checks to identify possible risks.
- Gain visibility. Obtain an understanding of your digital environment through the implementation of controls such as centralised logging and correlation for user events, user behavioural analysis tools, internal security audits on high-risk roles, inspection of encrypted data coming in or out of the organisation and dynamic analysis of files in a sandbox container to check that they are safe.
- Restrict access. Identify the high-value information within your organisation and restrict access to it by having an effective identity management process and role-based access that gives a user access to only the information needed for their role. Apply segregation of duties so that high-risk tasks, such as financial payments, require more than one person to complete. Apply rights management services to enable user-driven access policies on high-value information.
- Create a security culture. Security is a business enabler that supports and secures the organisation. A positive security culture is created by communicating clear security policies that are supported by senior management. This includes having an acceptable use policy which covers usage of business systems, internet, cloud services and mobility, and is enforced; conducting regular security awareness campaigns for each type of user; performing regular internal ethical hacking to understand weak spots in processes or security controls; reporting on cyber security to senior management and the executive board; and applying good security architecture principles early in ICT projects.
The insider threat is not a new problem for business, but it is a growing issue in the increasingly digital world that businesses now work in. An organisation must consider these threats when developing a holistic security program.