Many businesses are starting to understand that the biggest concern for their business lies right under their noses: their own employees.

According to a new study conducted by Cybersecurity Insiders, over half of organizations (53%) have confirmed an insider attack within the last 12 months. The group polled 400,000 people for its 2018 Insider Threat Report and found that ninety percent of businesses feel they are vulnerable to an insider attack.

While many organizations focus on potentially malicious insiders, insider intentionally looking to do harm to an organization, it’s much more common for employees to partake in accidental or negligent activity. Nevertheless, insider threat detection is a top focus for 64% of companies, followed by deterrence methods (58%), and analysis and post-breach forensics (49%).

An article on Dark Reading describes these 5 red flags and best practices to help your organizations determine when an insider threat is happening and what you can do to protect against them.

1. Unauthorized Data Access

Reports by Cybersecurity Insiders have found that the top enabling risk factor for insider threats is too many users with access privileges (37%), followed by the increased number of devices with access to sensitive data (36%), and greater complexity of IT (35%). The good news is that organizations across the spectrum are investing in protective measures with Intrusion Detection and Prevention Systems (63%), log management (62%), SIEM systems (51%), and predictive analytics (40%).

The tools your organizations invests in will depend on the size of your business, but storing valuable data in a subnet is recommended as a start. With these basic monitoring and security tools in place, you’ll start to notice repeated access if an authorized person repeatedly tries to gain access.

2. Suspicious Activity

Behavioral monitoring tools have advanced over the last several years and work by building a profile of each individual and flag when any activity deviates from their typical behavior. Data indicates that 94% of companies use tools to detect anomalous behavior, compared to 48% from just last year. Almost half (44%) employ User Activity Monitoring and 42% user server logs for managing user behavior.

3. Non-Technical Cues

Employees who are sloppy and careless about their work could represent a big security risk. Careless employees could harbor malicious intent and cause harm purposefully, but they could also be the starting point for unintentional data leaks. Sloppy behavior could lead to accidental information sharing. If an employee consistently makes mistakes like accidentally emailing or posting data, it’s time for some serious security training or a new hire.

4. Know Where your ‘Cool Data’ Resides

Protecting your most valuable information starts with knowing what it looks like. Understand what data cannot leave the organizations, who’s allowed access to that data, and what kind of policies are in place to protect that data.

5. Create an Incident Response Plan

While it’s common today for organizations to have an IRP for handling an external breach, not many have the same plan in place for an insider attack. Insider threats should be treated with the same seriousness as an external breach, as it can cause just as much damage.


Read the article on Dark Reading





The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)

[email protected]

United Kingdom

5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023

 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2023, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.