employee threatsWe're all aware of the threats from hackers and cybercriminals out there on the Internet, trying to gain access to our data and ruin our businesses, but what about threats from within your organization? In this week's Tech Tip Tuesday, we will attempt to shed some light on the types of insider threats you must be able to detect and mitigate, the damage inside threats can cause, the user attributes that increase these risks, and the security controls you should implement to prevent and reduce these threats.

What is An Insider Threat?

Simply put, an employee or contractor who uses his/her authorized access to cause harm to your business - whether intentional or accidental - is considered an insider threat. Here are the top three types of insider threats you need to watch out for within your business:

  1. A careless or negligent employee or contractor who unwittingly lets a hacker access your business’ network.
    • Over 60 percent of incidents in 2020 were related to negligence.
  2. A criminal or malicious insider who abuses his or her privileged access to your business’ network to either steal or exfiltrate sensitive data for financial gain or plain old revenge.
    • Criminal insiders were involved in 23 percent of breaches in 2020.
  3. A credential thief who poses as an employee or a contractor to gain access to sensitive data and then compromise the data for financial gain.
    • Credential theft led to 14 percent of breaches in 2020.

What Damage Can Insider Threats Cause?

Even a single security breach caused by an insider threat can result in serious damage to your business in the following ways:

  • Theft of sensitive data: Valuable data such as customer information or trade secrets could be exposed following a breach — an ordeal Marriott International survived in early 2020. Hackers abused a third-party application used by Marriott for providing guest services, to gain access to 5.2 million records of Marriott guests.
  • Induced downtime: The downtime following a breach impacts your business in more ways than one. As mentioned earlier, it can take a long time for you to ascertain the details of a breach and then control the damage. This period can drain your business resources like it did to a company in the UK who had to eventually shut shop after a disgruntled employee deleted 5,000 documents from its Dropbox account.
  • Destruction of property: A malicious insider could cause damage to physical or digital equipment, systems or applications, or even information assets. A former Cisco employee gained unauthorized access to the company’s cloud infrastructure and deleted 456 virtual machines, jeopardizing the access of 16,000 users of Cisco WebEx. The tech major had to shell out $2.4 million to fix the damage and pay restitution to the affected users.
  • Damage to reputation: This is a guaranteed consequence of a security breach. Should you suffer a breach, investors, partners and clients may immediately lose confidence in your business’ ability to protect personal information, trade secrets or other sensitive data.

What User Attributes Aggravate Insider Threats?

The likelihood of a security breach caused by an insider could be significantly increased due to:

  • Excessive access provided to several users in the form of unnecessary permissions or admin rights
  • Haphazard allocation of rights to install or delete hardware, software and users
  • Usage of weak login credentials and bad password hygiene practices by the users
  • Users that act as a single point of failure since no one keeps their access under check (a phenomenon common with the CEO fraud)

How To Building a Resilient Defense Against Insider Threats.

As a business, you can undertake a list of security measures to build a resilient defense against insider threats as part of a proactive defense strategy rather than a reactive one. Some of the immediate measures you can take include:

  1. Assessment and audit of all systems: Direct your IT team to assess and audit every system, data asset and user in order to identify insider threats and document it thoroughly for further action.
  2. Restriction of access and permission controls: Not every employee needs to have access to every piece of data. You must review and limit unnecessary user access privileges, permissions and rights.
  3. Mandatory security awareness training for all users: This measure is non-negotiable. Every user on your network must be trained thoroughly on cyberthreats, especially insider threats, and on how to spot early warning signs exhibited by potential insider threats such as:
    • Downloading or accessing substantial amounts of data
    • Accessing sensitive data not associated with the employee’s job function or unique behavioral profile
    • Raising multiple requests for access to resources not associated with the employee’s job function
    • Attempting to bypass security controls and safeguards
    • Violating corporate policies repeatedly
    • Staying in office during off-hours unnecessarily
  4. Enforcement of strict password policies and procedures: You must repeatedly encourage all users to follow strict password guidelines and ensure optimal password hygiene.
  5. Enhancement of user authentication: Deploy enhanced user authentication methods, such as two-factor authentication (2FA) and multi-factor authentication (MFA), to ensure only the right users access the right data securely.
  6. Determining ‘baseline’ user behavior: Devise and implement a policy to determine ‘baseline’ user behavior related to access and activity, either based on the job function or the user. Do not be counted among the 56 percent of security teams that lack historical context into user behavior.
  7. Ongoing monitoring to detect anomalies: Put in place a strategy and measures that will identify and detect abnormal/anomalous behaviors or actions based on ‘baseline’ behaviors and parameters.

Detecting insider threats and building a robust defense strategy against them can be a tough task for most businesses, irrespective of size. Unfortunately, the longer you wait, the greater the chance of a security lapse costing your business its entire future.

However, you certainly shouldn’t hesitate to ask for help. The right MSP partner can help you assess your current security posture, determine potential insider threats to your business, fortify your cybersecurity infrastructure and secure your business-critical data.

It may seem like a tedious process, but CTTS takes all the hassle way and ensure your peace of mind remains intact throughout this fight. All you have to do is give us a call and we’ll take it from there: (512) 388-5559.



Josh Wilmoth
CEO, Central Texas Technology Solutions



Article curated and used by permission.

 Data Sources: