Insider Threats and What They Mean for your Business

insider threatsCompanies are spending more on information security solutions than ever before, but do they know the threats that can come from within their own organizations? While all eyes turn toward the looming information security threats from outside, sometimes the biggest risk is insider threats coming from an otherwise trusted employee.

The information in this article originally appeared in a blog post written by Joe Gray, enterprise security consultant for Sword & Shield Enterprise Security, for AlienVault. You can read it in full.

What is insider threat?
There are two types of insider threats: Active (Intentional) and Passive (Unintentional). The distinction is whether the perpetrator is willingly malicious or merely ignorant due to poor security programs of the organization.

The scope of the insider threat hinges upon an employee’s access, their motivation, and the design of the organization’s computing assets. A disgruntled employee acting in anger or sadness delete files or corrupt an asset (such as a server), release files publicly to embarrass the organization, or commit sabotage with the lure of a new job from a competitor.

Passive insider threat deals with users who are ill-informed or working in an environment with poor security posture. These are the people and users who fall victim to social engineering.

Insider threat mitigation
Protecting against passive threats is relatively simple with awareness and training. An effective employee training program geared to people on various levels is a fairly inexpensive way to reduce this type of threat.

Protecting against an active insider threat is trickier. These insiders are specifically looking to inflict harm. Detection is the key.

Applying sound “Cyber Hygiene” or “Security Hygiene” practices is another way to reduce the possible impact of an insider threat. Examples are:

  • Complex (strong) passwords
  • Principle of least privilege
  • Background checks
  • Controlled use of administrative credentials
  • Prevention of execution of software in the user space (C:\Users), including AppData, Documents, Downloads, and Desktop
  • A robust Incident Response program
  • Application whitelisting
  • Malware protection
  • File Integrity Monitoring

The key is having a good detection and response program and ongoing training. Only then will people be empowered to report what they see in the workplace.

To help your company get a handle on security, Sword & Shield offers a customized demonstration of our Managed Security Services Platform. Our MSSP can be tailored to suit any customer network and scaled to satisfy growing computing needs. Request your customized demonstration today.

Comments are closed.