Many businesses are starting to understand that their biggest concern lies right under their noses: their own employees.
According to a new study conducted by Cybersecurity Insiders, over half of organizations (53%) have confirmed an insider attack within the last 12 months. The group polled 400,000 people for its 2018 Insider Threat Report and found that ninety percent of businesses feel they are vulnerable to an insider attack.
While many organizations focus on potentially malicious insiders, those intentionally looking to harm an organization, it’s much more common for employees to partake in accidental or negligent activity. Nevertheless, insider threat detection is a top focus for 64% of companies, followed by deterrence methods (58%), and analysis and post-breach forensics (49%).
An article on Dark Reading describes these 5 red flags and best practices to help your organization determine when an insider threat is happening and what you can do to protect against it.
1. Unauthorized Data Access
Reports by Cybersecurity Insiders have found that the top enabling risk factor for insider threats is too many users with access privileges (37%), followed by the increased number of devices with access to sensitive data (36%), and greater complexity of IT (35%). The good news is that organizations across the spectrum are investing in protective measures with Intrusion Detection and Prevention Systems (63%), log management (62%), SIEM systems (51%), and predictive analytics (40%).
The tools your organization invests in will depend on the size of your business, but storing valuable data in a subnet is recommended as a start. With these basic monitoring and security tools in place, you’ll start to notice when an unauthorized person repeatedly tries to gain access.
2. Suspicious Activity
Behavioral monitoring tools have advanced over the last several years. They work by building a profile of each individual and flagging any activity that deviates from that person's typical behavior. Data indicates that 94% of companies use tools to detect anomalous behavior, compared to 48% from just last year. Almost half (44%) employ User Activity Monitoring and 42% use server logs for managing user behavior.
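The two technical red flags above (repeated access attempts and deviation from a per-user profile) can be sketched as detection logic over an access log. This is an added example, not code from the Dark Reading article or any product it mentions; the event fields, thresholds and sample records are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample events: (user, hour_of_day, resource, allowed)
BASELINE = [
    ("alice", 9, "crm", True), ("alice", 10, "crm", True), ("alice", 14, "wiki", True),
    ("bob", 8, "payroll", True), ("bob", 9, "payroll", True), ("bob", 16, "wiki", True),
]
TODAY = [
    ("alice", 10, "crm", True),        # matches profile
    ("alice", 2, "crm", True),         # known resource, unusual hour
    ("alice", 11, "payroll", False),   # denied, outside profile
    ("alice", 11, "payroll", False),
    ("alice", 11, "payroll", False),
    ("bob", 9, "payroll", True),       # matches profile
]

def build_profiles(events):
    """Per-user baseline: resources successfully used and the hours they were used."""
    profiles = defaultdict(lambda: {"resources": set(), "hours": set()})
    for user, hour, resource, allowed in events:
        if allowed:
            profiles[user]["resources"].add(resource)
            profiles[user]["hours"].add(hour)
    return profiles

def detect(events, profiles, denied_threshold=3, hour_slack=2):
    """Return sorted (user, reason, resource) alerts for deviations from the baseline."""
    alerts, denied = set(), Counter()
    for user, hour, resource, allowed in events:
        prof = profiles.get(user, {"resources": set(), "hours": set()})
        if not allowed:
            denied[(user, resource)] += 1      # red flag 1: count failed attempts
            continue
        hours = prof["hours"]
        if resource not in prof["resources"]:  # red flag 2: never seen for this user
            alerts.add((user, "new_resource", resource))
        elif hours and not (min(hours) - hour_slack <= hour <= max(hours) + hour_slack):
            alerts.add((user, "unusual_hour", resource))
    for (user, resource), count in denied.items():
        if count >= denied_threshold:
            alerts.add((user, "repeated_denied", resource))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(TODAY, build_profiles(BASELINE)):
        print(alert)
```

Alerts like these are triage signals for an analyst to review alongside the non-technical cues, since both negligent and malicious activity can trigger them.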
3. Non-Technical Cues
Employees who are sloppy and careless about their work could represent a big security risk. Careless employees could harbor malicious intent and cause harm purposefully, but they could also be the starting point for unintentional data leaks. Sloppy behavior could lead to accidental information sharing. If an employee consistently makes mistakes like accidentally emailing or posting data, it’s time for some serious security training or a new hire.
4. Know Where Your ‘Cool Data’ Resides
Protecting your most valuable information starts with knowing what it looks like. Understand what data cannot leave the organization, who’s allowed access to that data, and what kind of policies are in place to protect that data.
5. Create an Incident Response Plan
While it’s common today for organizations to have an IRP for handling an external breach, not many have the same plan in place for an insider attack. Insider threats should be treated with the same seriousness as an external breach, as they can cause just as much damage.
Read the article on Dark Reading