How to Develop a Comprehensive Strategy for Combating Insider Threats
In a previous post, we took a look at the serious problem of insider threats. Accounting for 30 percent of all security breaches, insider threats include well-meaning users who make mistakes or work around security policies and insiders who attack company IT systems out of malice or for personal gain. The most expensive insider attacks involve credential theft, in which outside hackers steal legitimate usernames and passwords to gain access to IT systems.
Because 62 percent of insider threats involve human error or negligence, well-crafted cybersecurity policies and user education can go a long way toward reducing the risk. For those cyber threats involving malice or stolen credentials, behavior analytics tools can be used to spot changes in user activities that could signal an insider attack.
There are other steps you can take as well to bolster your insider threat security and prevent hackers and malicious insiders from accessing sensitive resources:
1. Follow the principle of least-privilege access
Organizations routinely give users access to applications and services they might need just so workflows won’t be impacted. The problem is that every username and password that’s issued creates another potential avenue of cyber attack. According to security best practices, users should only be given access to the applications and services they need to do their day-to-day jobs. Adhering to the principle of least-privilege access greatly reduces the risk of insider attack.
The number of insider credential theft incidents has almost tripled since 2018.
2. Privileged Access Management
User credentials that provide administrator-level access to systems are like the keys to the kingdom — they should be carefully guarded. Privileged access should only be given to those who absolutely need it, and each administrator should have a unique username and complex password that’s changed frequently.
3. Control access to data files
In many organizations, data files are stored on global file systems that can be accessed by anyone on the network. More than half of companies that participated in a 2019 study by Varonis Data Lab had at least 1,000 sensitive files that could be accessed by all employees. According to a new report by GetApp, companies that allow unfettered access to data are four times more likely to suffer a data breach. Data files should be categorized and organized according to risk level, and access permissions assigned accordingly.
4. Review access privileges regularly
User access privileges should be reviewed at least annually to ensure that they are still appropriate. Additionally, the credentials associated with specific applications and services should be reviewed to identify any dormant or unneeded accounts that can be eliminated. Procedures for granting access ideally should involve multiple individuals so that there are checks and balances.
5. Implement rigorous offboarding processes
When employees leave the company — even on good terms — all access credentials should be revoked immediately. This includes any access to cloud-based applications and data. A study by Osterman Research and Intermedia found that 89 percent of former employees still had access to at least one of their ex-employer’s applications, and 49 percent admitted to logging in to their ex-employer’s systems. Malicious ex-employees who still have access could do a tremendous amount of harm.
6. Pay close attention to third-party access
Many organizations give business partners, contractors and other third parties access to their IT systems. Those credentials should be strictly limited, reviewed regularly and terminated immediately when access is no longer required.
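The periodic review in steps 4 through 6 can be partly automated by comparing an account inventory against the HR roster. The sketch below is an added example, not code from the article or from GDS; the field names, the 90-day dormancy threshold and the sample records are all assumptions constructed for illustration.

```python
from datetime import date

# Constructed sample data (not from the article).
TODAY = date(2024, 6, 1)
DORMANT_DAYS = 90                        # assumed threshold; the article gives none
ACTIVE_EMPLOYEES = {"asmith", "bjones"}  # current staff according to HR
ACCOUNTS = [
    {"owner": "asmith", "system": "crm", "last_login": date(2024, 5, 28),
     "admin": False, "contract_end": None},
    {"owner": "bjones", "system": "erp", "last_login": date(2023, 11, 2),
     "admin": True, "contract_end": None},
    {"owner": "cdoe", "system": "mail", "last_login": date(2024, 5, 30),
     "admin": False, "contract_end": None},
    # contract_end is set only for third-party (partner/contractor) accounts
    {"owner": "vendor-acme", "system": "vpn", "last_login": date(2024, 5, 1),
     "admin": False, "contract_end": date(2024, 3, 31)},
]

def review_account(acct, active_employees, today, dormant_days=DORMANT_DAYS):
    """Return the findings for one account; an empty list means no action."""
    findings = []
    if acct["contract_end"] is not None:
        # Step 6: third-party access must end when it is no longer required.
        if acct["contract_end"] < today:
            findings.append("third-party access past contract end")
    elif acct["owner"] not in active_employees:
        # Step 5: credentials that survived offboarding.
        findings.append("owner no longer employed")
    # Step 4: dormant accounts are candidates for removal.
    if (today - acct["last_login"]).days > dormant_days:
        findings.append("dormant")
    # Step 2: flagged administrator accounts carry the most risk.
    if acct["admin"] and findings:
        findings.append("privileged: revoke first")
    return findings

def access_review(accounts, active_employees, today):
    """Map (owner, system) to findings for every account needing action."""
    report = {}
    for acct in accounts:
        findings = review_account(acct, active_employees, today)
        if findings:
            report[(acct["owner"], acct["system"])] = findings
    return report

if __name__ == "__main__":
    for (owner, system), found in access_review(ACCOUNTS, ACTIVE_EMPLOYEES, TODAY).items():
        print(f"{owner}@{system}: {', '.join(found)}")
```

In practice the inventory would come from an export of each application's user list, and the findings would go to a second reviewer so that revocation keeps the checks and balances described in step 4.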
How GDS Can Help
The cybersecurity experts at GDS can help you assess the insider threat to your organization and develop policies and procedures that reduce the risk. Let’s sit down (in person or virtually) and develop a comprehensive cyber security strategy that protects your systems and data.