Accounting for Insider Threats Within Your Security Posture

Did you know that one of the most dangerous cybercriminals could be your very own employees? 

Take the case of Christopher Dobbins; he’s the perfect example of an insider gone wrong. Three days after receiving his final payout from his previous employer, he used a fake account to log into his former employer’s system. He then edited 115,581 records and deleted 2,371, disrupting the company’s shipping processes, causing significant delays. His former employer was a medical device packaging company, so every delay was problematic and potentially life-threatening. 


Recognizing Insider Threats

Sounds incredible? It’s more common than you think. Statistics show that insider threats cause about 34% of all breaches. So it’s no surprise that 90% of organizations worldwide consider malicious insiders a significant threat to their security.

Mr. Dobbins’ case was a classic example of an insider threat; he found a gap within his company’s system and used it to his advantage. But his story is just the tip of the iceberg when it comes to malicious insiders. Insider threats can be anyone — your colleagues, employees, sometimes even those you consider friends. They can be recent hires, long-standing employees, often employees on their way out, vendors and partners with access, and usually someone you would never consider a risk. 

For how common they are, it’s startling that 45% of organizations admit they are ill-equipped when it comes to coping with the threat of malicious insiders. So let’s explore what insider threats look like, as well as a few ways to protect your organization from their schemes.

Negligent Insider Threats

When innocent people fall victim to a phishing attack and, as a result, disclose sensitive information and cause damage, they are called negligent insiders, in contrast to malicious insiders who do it intentionally.

Incidents involving negligent employees or contractors cost an average of $307,111 — not to mention the reputational damage they cause. The number of insider incidents keeps increasing year by year, making them one of the most common and complicated cyber threats around. The growing number of employees who work from home because of the COVID-19 pandemic further increases opportunities for this activity. An FBI report noted a 400% increase in online scams tied to the pandemic


Preparing for Insider Threats

These statistics highlight the importance of improving your organization’s security posture. To start, think through different areas in your cyber defenses. One of the most important is ensuring your tool stack and processes can account for insider threats. It is not enough to try to keep the bad guys out of your systems — it’s much wiser to assume they are already present. 

Here are a few ways to safeguard against both malicious and negligent insider threats: 

Monitor Your Systems

One of the best ways to prevent insider threats is to monitor all the activity on your network. This includes keeping track of what is happening within your files, tracking access and access attempts, and email across all sources and devices. It is also essential to look at the east-west traffic. 

Tighten Access and User Permissions

Another crucial task is to identify all sensitive files and their location within your organization. From there, use strict protocols to control who has access to those files. Remember, applying the “least privilege model” of access is crucial, meaning users should only have the minimum level of access needed to perform their job. You should also remember to update those permissions as your projects and teams change. Controlling access is where policies and procedures become critical to establish and maintain. A strict policy with poor follow-up can undermine your efforts.

Leverage Behavior Tracing and Analytics

Organizations deal with an overwhelming volume of suspicious activity, logs, and alerts that require analysis. Unfortunately, one of the most common headaches for IT departments is the extensive manual labor required to identify and correlate these signals across the network, especially over time. 

The problem is that historical analysis is too difficult to perform because of the retention policies and cost-prohibitive storage requirements that limit typical SIEM and log management tools. As a result, when the security team’s visibility is limited, they miss threats. 

When data analysis is too complicated, organizations can’t identify threats in time to prevent a breach. A tool that uses behavioral tracing and analytics to recognize anomalies will save your team valuable threat detection time and allow you to focus on the threats that matter. 

Persistent Behavior Tracing (PBT) stores deduplicated behavior attributes associated with each event on a per entity basis. Thus, PBT allows for a historical contextual view over an unlimited timeframe without massive storage requirements.


Put Your Preparedness to the Test

Want to know if your security setup is up to par to handle insider threats?

Download our Warning Signs ebook to discover key areas of your security posture that may indicate your cybersecurity needs an overhaul. 

New call-to-action