Many businesses are starting to understand that the biggest concern for their business lies right under their noses: their own employees.

According to a new study conducted by Cybersecurity Insiders, over half of organizations (53%) have confirmed an insider attack within the last 12 months. The group polled 400,000 people for its 2018 Insider Threat Report and found that ninety percent of businesses feel they are vulnerable to an insider attack.

While many organizations focus on potentially malicious insiders, those intentionally looking to do harm to an organization, it’s much more common for employees to partake in accidental or negligent activity. Nevertheless, insider threat detection is a top focus for 64% of companies, followed by deterrence methods (58%), and analysis and post-breach forensics (49%).

An article on Dark Reading describes these 5 red flags and best practices to help your organization determine when an insider threat is happening and what you can do to protect against it.

1. Unauthorized Data Access

Reports by Cybersecurity Insiders have found that the top enabling risk factor for insider threats is too many users with access privileges (37%), followed by the increased number of devices with access to sensitive data (36%), and greater complexity of IT (35%). The good news is that organizations across the spectrum are investing in protective measures with Intrusion Detection and Prevention Systems (63%), log management (62%), SIEM systems (51%), and predictive analytics (40%).

The tools your organization invests in will depend on the size of your business, but storing valuable data in a subnet is recommended as a start. With these basic monitoring and security tools in place, you’ll start to notice when an authorized person repeatedly tries to gain access.

2. Suspicious Activity

Behavioral monitoring tools have advanced over the last several years and work by building a profile of each individual and flagging any activity that deviates from their typical behavior. Data indicates that 94% of companies use tools to detect anomalous behavior, compared to 48% from just last year. Almost half (44%) employ User Activity Monitoring and 42% use server logs for managing user behavior.
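A minimal sketch of the per-user profiling described above, combined with the repeated-access check from item 1. This is an added example, not code from the Dark Reading article or any product; the event format, user and resource names, and both thresholds (3 standard deviations, 3 denied attempts) are assumptions.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample events: (user, day, resource, allowed)
BASELINE = [("alice", d, "crm", True) for d in range(1, 6) for _ in range(4)]
BASELINE += [("bob", d, "build-server", True) for d in range(1, 6) for _ in range(10)]
TODAY = [("alice", 6, "crm", True)] * 4
TODAY += [("bob", 6, "build-server", True)] * 10
TODAY += [("bob", 6, "finance-db", False)] * 4  # denied attempts on a new resource

def build_profiles(events):
    """Per-user baseline: daily access volume and resources normally used."""
    daily, seen = defaultdict(Counter), defaultdict(set)
    for user, day, resource, allowed in events:
        daily[user][day] += 1
        if allowed:
            seen[user].add(resource)
    return {u: {"mean": mean(list(c.values())),
                "std": pstdev(list(c.values())),
                "resources": seen[u]} for u, c in daily.items()}

def score_day(profiles, events, z=3.0, max_denied=3):
    """Return (user, alert_kind, detail) tuples for one day's events."""
    count, denied, touched = Counter(), Counter(), defaultdict(set)
    for user, _day, resource, allowed in events:
        count[user] += 1
        touched[user].add(resource)
        if not allowed:
            denied[(user, resource)] += 1
    alerts = []
    for user in sorted(count):
        p = profiles.get(user)
        if p is None:  # no history yet: surface it rather than guess
            alerts.append((user, "no-baseline", ""))
            continue
        # Floor the deviation at 1 so a perfectly steady user is not
        # flagged for a single extra access.
        limit = p["mean"] + z * max(p["std"], 1.0)
        if count[user] > limit:
            alerts.append((user, "volume", f"{count[user]} > {limit:.1f}"))
        for r in sorted(touched[user] - p["resources"]):
            alerts.append((user, "new-resource", r))
    for (user, r), n in sorted(denied.items()):
        if n >= max_denied:
            alerts.append((user, "repeated-denied", f"{r} x{n}"))
    return alerts

if __name__ == "__main__":
    for alert in score_day(build_profiles(BASELINE), TODAY):
        print(alert)
```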

3. Non-Technical Cues

Employees who are sloppy and careless about their work could represent a big security risk. Careless employees could harbor malicious intent and cause harm purposefully, but they could also be the starting point for unintentional data leaks. Sloppy behavior could lead to accidental information sharing. If an employee consistently makes mistakes like accidentally emailing or posting data, it’s time for some serious security training or a new hire.

4. Know Where Your ‘Cool Data’ Resides

Protecting your most valuable information starts with knowing what it looks like. Understand what data cannot leave the organization, who’s allowed access to that data, and what kind of policies are in place to protect that data.

5. Create an Incident Response Plan

While it’s common today for organizations to have an IRP for handling an external breach, not many have the same plan in place for an insider attack. Insider threats should be treated with the same seriousness as an external breach, as they can cause just as much damage.


Read the article on Dark Reading




