Protecting your organisation from insider threats
Your own employees can often be the weakest link in the security chain. Luke Brown offers advice on how to minimise the ‘insider threat’
Living in an increasingly networked world has its advantages, but it also leaves organisations vulnerable to exploitation by malware, inadvertent employee actions and malicious attacks. Data security breaches can be devastating in terms of cost and reputation, so efforts are rightly directed at protecting the perimeter of an organisation’s IT systems from unauthorised intruders. However, the threat that is harder to guard against is from within.
A recent, fascinating survey by the SANS Institute confirmed the insider threat is a key concern for security professionals. And yet, of the 770 businesses polled, 32% had no systems in place to protect against insider attacks, around half struggled to estimate the damage from such an attack, and 44% did not know how much they spent on preventing insider threats.
Spotting security incidents arising from within the firm is particularly tricky because the attacker may have legitimate access. If the credentials being inputted are valid, the same alarms are not raised as when an unauthorised user attempts entry from the outside.
There is a line to be drawn between allowing employees or contractors access to the information they need to get the job done, and implementing an effective lock-down of sensitive data. Getting the balance right is not easy, as the recent PWC Economic Crime Report sums up, “Companies continue to make their critical data available to management, employees, vendors, and clients on a multitude of platforms – including high-risk platforms such as mobile devices and the cloud – because the economic and competitive benefits appear so compelling.”
Alongside enabling innovation and productivity, every company has to deal with the insider threat. The truth is, it’s not just an IT matter. While the IT department is central to enabling access to information, they really just provide the tools. It’s down to the C-suite, the managers, HR, Legal and IT to work together to empower and engage employees. Trust is a key factor, because there needs to be an atmosphere in which management can take advice they don’t necessarily want to hear and in which an employee can speak up without fear of reprisal.
In summary, here are the top five ways to protect your organisation from the insider threat.
Conventional screening methods struggle to detect unauthorised use of information that has been accessed “legitimately.” However, the signs of an insider threat are often there before a breach occurs. Behavioural changes should act as a red flag – is the employee accessing data at odd times, e.g. on sick leave or on holiday? Other suspicious activity might include an employee complaining more, being less cooperative and taking an interest outside the scope of their responsibilities. Those working around him/her are the most likely to notice something is amiss, so having a communication channel in place for reporting such concerns is very important.
Employees need to understand that the company reserves the right to monitor activity on company-provided equipment and networks. A clear Acceptable Use Policy takes the guesswork out of what is appropriate use of the organisation’s data. Once the policy is in place, employees need to be educated, trained and, finally, sign and agree to it.
The process - initiation, education and pledge - is important in fostering a sense of engagement and accountability with the workforce. The SANS institute offers a sample Acceptable Use Policy that is available without copyright restrictions.