Insider threats lurk inside every organization. Just think about the security problems that the U.S. government has faced through unauthorized disclosure at WikiLeaks and others. Unlike external threats, insiders have special advantages if they want to attack your company. They know your security practices, people, and technology. Thus, they can do significant damage. Are insider threats truly substantial? Let’s take a closer look at recent trends.
Insider Threats: A Top Problem for IT Security
Insider threats have been with us for years, and they show no signs of slowing down. According to McKinsey & Company’s analysis of more than 2,000 security events, “50 percent of the breaches we studied had a substantial insider component.” Failing to take action on this threat category is a significant oversight! It’s also a difficult challenge to solve since there are multiple issues to consider, including employee rights, productivity, and morale. To help you think through this issue, the first step is to acknowledge the threat as a major issue.
Preventing Insider Threats from Crippling Your Company in 5 Steps
Use these steps to define, monitor, and reduce the insider threat.
1. Review and Revise Your IT Security Risk Appetite
Before analyzing systems or events, take some time to review your security risk appetite. For instance, if you operate in a highly regulated industry such as banking or healthcare, you’ll generally have a low appetite for security events. As you review your appetite for suffering a security incident, consider the issue broadly. If your company suffers a security failure, would that impact your ability to retain customers and gain new ones?
2. Review Your Insider Threat Detection Systems
Let’s assume your organization prides itself on high security, so you have a minimal appetite for insider threat incidents. Next, you need to assess your threat detection systems. For example, do you have a process to detect unusual patterns of activity from internal users? Can you track and report on inactive user accounts? If you can’t easily answer those questions, you’ll struggle to stop insider threats because you can’t detect these events when they happen.
Tip: Consider purchasing an identity and access management software solution that makes it easy to set up and remove user accounts. If account removal is difficult, inactive user accounts and out-of-date permissions are less likely to be addressed.
3. Review Your IT Security Training
Now that you understand the state of your systems, you need to look at the training offered to employees. Specifically, consider how training is provided to employees and managers. Training can be critical to protecting the accidental insider threat, such as leaving an open corporate laptop out in a public place. For managers, training reinforces the message that everyone plays a role in security, not just IT.
For the best results, pick a few examples of IT security events from the news to underline the importance of robust security practices.
4. Assess Your Insider Threat Strategy with Human Resources
So far, we’ve examined the insider threat from the IT security department’s perspective. There are other stakeholders that need to be engaged, however. We recommend engaging human resources as well. Specifically, look at two processes: onboarding and offboarding. When employees join the organization, there’s a critical opportunity to explain security requirements during onboarding.
For offboarding, some former employees may be emotional and motivated to attack the company. To reduce the impact of a disgruntled departing employee, use a few methods. Start by ensuring you offer a fair and humane process for departing employees, including competitive severance payments where applicable. Second, establish a procedure to remove and deactivate all user accounts and access for employees on their last day. This is a critical control process to reduce risk.
5. Develop Recommendations to Reduce the Impact and Probability of Insider Threats
Using the information gathered from the prior steps, you need to make some recommendations. You may find that there are dozens of problems and gaps in your organization’s approach to insider threats. Don’t become overwhelmed with the issues! Instead, use two questions to score the problems.
- On a scale of 0-10 where 0 is low likelihood, how likely is this problem to cause an IT security problem?
- On a scale of 0-10 where 10 is a catastrophic impact, what is the likely impact of this exposure?
Based on those scores, develop a plan and recommendations to address the top 20% of issues. After examining your recommendations, it may still feel like too much to take on.
Leveraging Automation to Reduce Insider Security Threats
Asking senior management to approve hiring a small army of security specialists to handle insider threat risk is a tough sell. Instead, we recommend a balanced approach: improve security by leveraging software solutions, tightening processes, and improving training. Let’s focus on how IT security software can reduce the insider security threat.
Enable Managers to Quickly Review Access Dashboard
Using Identity Enforcer, managers can easily access reports on their area once a month, quarterly, or whenever they wish. Upon reviewing the report, they can easily detect user accounts from former employees and get those removed.
Implement Single Sign On (SSO). Deactivating a dozen or more user accounts to reduce insider threat risk is tough. There’s a better way! With a single sign-on software solution, you can grant employees access with a single login and remove it when needed.
By using these software tools, your IT security team will have more capacity to proactively detect other security threats. For example, you can free up time to send security analysts to industry security events. Alternatively, you can review the security protections in place for your cloud software. By taking the initiative to detect security threats, your organization will become much better protected.